CVE-2019-0940 – Microsoft Edge CDXImageRenderTarget Double Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-0940
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'. Existe una vulnerabilidad de ejecución de código remota en la manera en que los navegadores de Microsoft acceden a los objetos en la memoria, también se conoce como 'Microsoft Browser Memory Corruption Vulnerability'. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the rendering of pattern images within HTML canvas elements. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0940 • CWE-787: Out-of-bounds Write •
CVE-2019-0862
https://notcve.org/view.php?id=CVE-2019-0862
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0752, CVE-2019-0753. Se presenta una vulnerabilidad de ejecución de código remota en la manera en que el motor de scripting maneja los objetos en la memoria en Internet Explorer, también se conoce como "Scripting Engine Memory Corruption Vulnerability". Este ID de CVE es diferente de los CVE-2019-0739, CVE-2019-0752, CVE-2019-0753. • http://www.securityfocus.com/bid/107727 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0862 • CWE-787: Out-of-bounds Write •
CVE-2019-0835
https://notcve.org/view.php?id=CVE-2019-0835
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory, aka 'Microsoft Scripting Engine Information Disclosure Vulnerability'. Se presenta una vulnerabilidad de divulgación de información cuando el motor de scripting no maneja apropiadamente los objetos en la memoria, también se conoce como “Microsoft Scripting Engine Information Disclosure Vulnerability”. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0835 •
CVE-2019-0764
https://notcve.org/view.php?id=CVE-2019-0764
A tampering vulnerability exists when Microsoft browsers do not properly validate input under specific conditions, aka 'Microsoft Browsers Tampering Vulnerability'. Existe una vulnerabilidad de manipulación cuando los exploradores de Microsoft no comprueban correctamente la entrada en condiciones específicas, también se conoce como “Microsoft Browsers Tampering Vulnerability". • http://www.securityfocus.com/bid/107731 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0764 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVE-2019-0752 – Microsoft Internet Explorer Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2019-0752
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0753, CVE-2019-0862. Existe una vulnerabilidad de ejecución remota de código en la forma en que el motor de scripting maneja los objetos de la memoria en Internet Explorer, también conocido como'Vulnerabilidad a la corrupción de la memoria del motor de scripting'. Este CVE ID es diferente de CVE-2019-0739, CVE-2019-0753, CVE-2019-0862. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. • https://www.exploit-db.com/exploits/46928 https://github.com/ZwCreatePhoton/CVE-2019-0752 http://packetstormsecurity.com/files/153078/Microsoft-Internet-Explorer-Windows-10-1809-17763.316-Memory-Corruption.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0752 https://www.zerodayinitiative.com/advisories/ZDI-19-359 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •