CVE-2020-17053 – Internet Explorer Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2020-17053
Internet Explorer Memory Corruption Vulnerability Vulnerabilidad de corrupción de la memoria de Internet Explorer This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of arrays in JavaScript. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17053 • CWE-787: Out-of-bounds Write •
CVE-2020-1506 – Windows Start-Up Application Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-1506
<p>An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p> <p>There are multiple ways an attacker could exploit the vulnerability:</p> <ul> <li><p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1506 •
CVE-2020-1012 – WinINet API Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-1012
<p>An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.</p> <p>There are multiple ways an attacker could exploit the vulnerability:</p> <ul> <li><p>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1012 •
CVE-2020-0878 – Microsoft Edge and Internet Explorer Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2020-0878
<p>A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0878 • CWE-787: Out-of-bounds Write •
CVE-2020-1570 – Scripting Engine Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2020-1570
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1570 • CWE-787: Out-of-bounds Write •