CVSS: 9.3EPSS: 43%CPEs: 5EXPL: 0CVE-2015-6150 – Microsoft Internet Explorer CTableLayout Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-6150
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6154. Microsoft Internet Explorer 7 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como 'Internet Explorer Memory Corruption Vulnerability', una vulnerabilidad diferente a CVE-2015-6154. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of CTableLayout objects. By manipulating a document's elements, an attacker can force a dangling pointer to be reused after it has been freed. • http://www.securitytracker.com/id/1034315 http://www.zerodayinitiative.com/advisories/ZDI-15-590 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 34%CPEs: 5EXPL: 0CVE-2015-6151 – Microsoft Internet Explorer CSelectTracker Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-6151
Microsoft Internet Explorer 8 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6083. Microsoft Internet Explorer 8 hasta la versión 11 y Microsoft Edge permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como 'Microsoft Browser Memory Corruption Vulnerability', una vulnerabilidad diferente a CVE-2015-6083. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer tracks selected text on a web page. By manipulating a document's elements an attacker can force a CSelectTracker object in memory to be reused after it has been freed. • http://www.securitytracker.com/id/1034315 http://www.securitytracker.com/id/1034316 http://www.zerodayinitiative.com/advisories/ZDI-15-599 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-125 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 43%CPEs: 2EXPL: 0CVE-2015-6147 – Microsoft Internet Explorer CTableRowCellsCollectionCacheItem Out-Of-Bounds Access Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-6147
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6149. Microsoft Internet Explorer 8 y 9 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como 'Internet Explorer Memory Corruption Vulnerability', una vulnerabilidad diferente a CVE-2015-6149. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of CTableRowCellsCollectionCacheItem objects. By using a function of this object, an out of bounds access of memory can occur. • http://www.securitytracker.com/id/1034315 http://www.zerodayinitiative.com/advisories/ZDI-15-598 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 43%CPEs: 1EXPL: 0CVE-2015-6134 – Microsoft Windows JScript External Object Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-6134
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6141. Microsoft Internet Explorer 9 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como 'Internet Explorer Memory Corruption Vulnerability', una vulnerabilidad diferente a CVE-2015-6141. This vulnerability allows remote attackers to execute arbitrary code in applications using the JScript scripting language on vulnerable installations of Microsoft Windows. Microsoft Internet Explorer is an affected application. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw relates to how JScript handles external objects that also serve as callable objects within script. • http://www.securitytracker.com/id/1034315 http://www.zerodayinitiative.com/advisories/ZDI-15-600 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 27%CPEs: 3EXPL: 0CVE-2015-6065 – Microsoft Internet Explorer CFontFace Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-6065
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6078. Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de una página web manipulada, también conocida como 'Internet Explorer Memory Corruption Vulnerability', una vulnerabilidad diferente a CVE-2015-6078. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer keeps track of @font-face rules in CSS stylesheets. By manipulating a document's elements an attacker can force a CFontFace object in memory to be reused after it has been freed. • http://www.securitytracker.com/id/1034112 http://www.zerodayinitiative.com/advisories/ZDI-16-229 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-112 https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1210 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •