CVSS: 9.3EPSS: 96%CPEs: 12EXPL: 1CVE-2015-2419 – Microsoft Internet Explorer Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2015-2419
JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "JScript9 Memory Corruption Vulnerability." Las versiones 10 y 11 de Microsoft Internet Explorer con JScript 9 permiten a atacantes la ejecución de código arbitrario o provocar denegación de servicio (corrupción de memoria) mediante sitios web manipulados, también conocida como 'Vulnerabilidad de corrupción de Memoria en JScript9'. JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. • https://www.exploit-db.com/exploits/44743 http://www.securitytracker.com/id/1032894 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-065 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 79%CPEs: 6EXPL: 0CVE-2015-2425 – Microsoft Internet Explorer Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2015-2425
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2383 and CVE-2015-2384. Microsoft Internet Explorer 11 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de una página web manipulada, también conocida como “Vulnerabilidad de corrupción de Memoria en Internet Explorer”, una vulnerabilidad diferente a CVE-2015-2383 y a CVE-2015-2384. Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS). • http://www.securitytracker.com/id/1032894 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-065 • CWE-787: Out-of-bounds Write •
CVSS: 6.9EPSS: 0%CPEs: 14EXPL: 0CVE-2015-2371 – Microsoft Windows Installer Local Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2015-2371
The Windows Installer service in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a custom action script associated with a .msi package, aka "Windows Installer EoP Vulnerability." El servicio Windows Installer en Microsoft Windows Server 2003 SP2 y R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 permite a usuarios locales escalar privilegios a través de un script de acción personalizado asociado con un paquete .msi, también conocida como “Vulnerabilidad EoP en Windows Installer.” This vulnerability allows local attackers to execute arbitrary code as SYSTEM on vulnerable installations of Microsoft Windows. An attacker must be logged in as a user on the system in order to execute the attack. The specific flaw exists within the behavior of some MSI installations. Some installations will launch an executable as SYSTEM during uninstallation or repair. • http://www.securitytracker.com/id/1032905 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-074 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.9EPSS: 3%CPEs: 7EXPL: 0CVE-2015-2368 – Microsoft Internet Explorer DLL Planting Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2015-2368
Untrusted search path vulnerability in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Windows DLL Remote Code Execution Vulnerability." Vulnerabilidad en la busqueda de ruta no confiable en Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 R2 y Windows RT 8.1 permite a usuarios locales obtener privilegios a través de un Troyano DLL en el directorio de trabajo actual, error conocido como 'Windows DLL Remote Code Execution Vulnerability.' This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of DLL loading by the Internet Explorer broker process, which can be induced to load a library in its context from a directory controlled by the low-integrity process. An attacker can leverage this vulnerability to execute code under the context of the user at medium integrity. • http://www.securitytracker.com/id/1032898 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-069 •
CVSS: 7.2EPSS: 0%CPEs: 13EXPL: 1CVE-2015-1724 – Microsoft Windows Kernel - Brush Object Use-After-Free (MS15-061)
https://notcve.org/view.php?id=CVE-2015-1724
Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Object Use After Free Vulnerability." Vulnerabilidad de uso después de liberación en los controladores del modo de kernel en Microsoft Windows Server 2003 SP2 y R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2, y Windows RT Gold y 8.1 permite a usuarios locales ganar privilegios a través de una aplicación manipulada, también conocido como 'vulnerabilidad de uso después de liberación del objeto del kernel de Microsoft Windows.' The Microsoft Windows kernel suffers from a brush object use-after-free vulnerability. • https://www.exploit-db.com/exploits/38272 http://www.securitytracker.com/id/1032525 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-061 • CWE-416: Use After Free •