CVE-2015-6076 – Microsoft Internet Explorer htmlFor Attribute Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-6076
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6066, CVE-2015-6070, CVE-2015-6071, CVE-2015-6074, and CVE-2015-6087. Microsoft Internet Explorer 7 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de una página web manipulada, también conocida como 'Internet Explorer Memory Corruption Vulnerability', una vulnerabilidad diferente a CVE-2015-6066, CVE-2015-6070, CVE-2015-6071, CVE-2015-6074 y CVE-2015-6087. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer processes the htmlFor attribute of script elements. By manipulating a document's elements an attacker can force a CElement-derived object in memory to be reused after it has been freed. • http://www.securityfocus.com/bid/77449 http://www.securitytracker.com/id/1034112 http://www.zerodayinitiative.com/advisories/ZDI-15-541 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-112 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-6086 – Microsoft Internet Explorer CDOMStringDataList::InitFromString Out-Of-Bounds Indexing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-6086
Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos obtener información sensible de la memoria de proceso a través de una página web manipulada, también conocida como 'Internet Explorer Information Disclosure Vulnerability'. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within CDOMStringDataList::InitFromString. By manipulating a document's elements an attacker can read outside the bounds of an allocated chunk. • https://www.exploit-db.com/exploits/39698 https://github.com/payatu/CVE-2015-6086 http://www.securityfocus.com/bid/77461 http://www.securitytracker.com/id/1034112 http://www.zerodayinitiative.com/advisories/ZDI-15-547 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-112 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-6081 – Microsoft Internet Explorer CTableLayout Out-Of-Bounds Memory Access Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-6081
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6069. Microsoft Internet Explorer 8 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de una página web manipulada, también conocida como 'Internet Explorer Memory Corruption Vulnerability', una vulnerabilidad diferente a CVE-2015-6069. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CTableLayout objects. By manipulating a document's elements an attacker can force out-of-bounds reads and writes. • http://www.securityfocus.com/bid/77453 http://www.securitytracker.com/id/1034112 http://www.zerodayinitiative.com/advisories/ZDI-15-544 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-112 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-6048
https://notcve.org/view.php?id=CVE-2015-6048
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6049. Microsoft Internet Explorer 7 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como 'Internet Explorer Memory Corruption Vulnerability', una vulnerabilidad diferente a CVE-2015-6049. • http://www.securitytracker.com/id/1033800 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106 • CWE-787: Out-of-bounds Write •
CVE-2015-6046
https://notcve.org/view.php?id=CVE-2015-6046
Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos obtener información sensible de la memoria de proceso a través de un sitio web manipulado, también conocida como 'Internet Explorer Information Disclosure Vulnerability'. • http://www.securitytracker.com/id/1033800 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •