CVE-2015-6083 – Microsoft Internet Explorer CTableRow Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-6083
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6151. Microsoft Internet Explorer 8 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como 'Internet Explorer Memory Corruption Vulnerability', una vulnerabilidad diferente a CVE-2015-6151. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of CTableRow objects. By manipulating a document's elements, an attacker can cause a CTableRow object in memory to be reused after it has been freed. • http://www.securitytracker.com/id/1034315 http://www.zerodayinitiative.com/advisories/ZDI-15-647 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-6154
https://notcve.org/view.php?id=CVE-2015-6154
Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6150. Microsoft Internet Explorer 7 hasta la versión 11 y Microsoft Edge permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como 'Microsoft Browser Memory Corruption Vulnerability', una vulnerabilidad diferente a CVE-2015-6150. • http://www.securitytracker.com/id/1034315 http://www.securitytracker.com/id/1034316 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-125 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-6135 – Microsoft Windows VBScript CreateObject Function Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-6135
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." Los motores de Microsoft (1) VBScript 5.7 y 5.8 y (2) JScript 5.7 y 5.8, como se utilizan en Internet Explorer 8 hasta la versión 11 y otros productos, permiten a atacantes remotos obtener información sensible de la memoria de proceso a través de un sitio web manipulado, también conocida como 'Scripting Engine Information Disclosure Vulnerability'. This vulnerability allows remote attackers to disclose the contents of memory on applications using the VBScript scripting language on vulnerable installations of Microsoft Windows. Microsoft Internet Explorer is an affected application. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the VBScript CreateObject function. • http://www.securitytracker.com/id/1034315 http://www.securitytracker.com/id/1034317 http://www.zerodayinitiative.com/advisories/ZDI-15-586 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-126 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-6136 – Microsoft Windows VBScript Split Function Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-6136
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." Los motores de Microsoft (1) VBScript 5.7 y 5.8 y (2) JScript 5.7 y 5.8, como se utilizan en Internet Explorer 8 hasta la versión 11 y otros productos, permiten a atacantes remotos ejecutar código arbitrario a través de un sitio web manipulado, también conocida como 'Scripting Engine Memory Corruption Vulnerability'. This vulnerability allows remote attackers to disclose the contents of memory on applications using the VBScript scripting language on vulnerable installations of Microsoft Windows. Microsoft Internet Explorer is an affected application. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the VBScript Split function. • http://www.securitytracker.com/id/1034315 http://www.securitytracker.com/id/1034317 http://www.zerodayinitiative.com/advisories/ZDI-15-591 http://www.zerodayinitiative.com/advisories/ZDI-15-592 http://www.zerodayinitiative.com/advisories/ZDI-15-593 http://www.zerodayinitiative.com/advisories/ZDI-15-594 http://www.zerodayinitiative.com/advisories/ZDI-15-595 http://www.zerodayinitiative.com/advisories/ZDI-15-597 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124 https • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-6147 – Microsoft Internet Explorer CTableRowCellsCollectionCacheItem Out-Of-Bounds Access Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-6147
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6149. Microsoft Internet Explorer 8 y 9 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como 'Internet Explorer Memory Corruption Vulnerability', una vulnerabilidad diferente a CVE-2015-6149. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of CTableRowCellsCollectionCacheItem objects. By using a function of this object, an out of bounds access of memory can occur. • http://www.securitytracker.com/id/1034315 http://www.zerodayinitiative.com/advisories/ZDI-15-598 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •