CVE-2017-0202 – Microsoft Internet Explorer 11.576.14393.0 - 'CStyleSheetArray::BuildListOfMatchedRules' Memory Corruption
https://notcve.org/view.php?id=CVE-2017-0202
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, a.k.a. "Internet Explorer Memory Corruption Vulnerability." Existe una vulnerabilidad de ejecución remota de código cuando Internet Explorer accede inadecuadamente a objetos en la memoria. La vulnerabilidad podría dañar la memoria de tal manera que un atacante podría ejecutar código arbitrario en el contexto del usuario actual, vulnerabilidad también conocida como "Internet Explorer Memory Corruption Vulnerability". • https://www.exploit-db.com/exploits/41941 http://www.securityfocus.com/bid/97441 http://www.securitytracker.com/id/1038238 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0202 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-0018 – Microsoft Internet Explorer CHtmTag Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-0018
Microsoft Internet Explorer 10 and 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0037 and CVE-2017-0149. Microsoft Internet Explorer 10 y 11 permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como "Internet Explorer Memory Corruption Vulnerability". Esta vulnerabilidad es distinta de aquellas descritas en CVE-2017-0037 y CVE-2017-0149. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Internet Explorer. • http://www.securityfocus.com/bid/96086 http://www.securitytracker.com/id/1038008 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0018 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-0149 – Microsoft Internet Explorer Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2017-0149
Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0018 and CVE-2017-0037. Microsoft Internet Explorer 9 hasta la versión 11 permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, vulnerabilidad también conocida como "Internet Explorer Memory Corruption Vulnerability". Esta vulnerabilidad es diferente a la descrita en CVE-2017-0018 y CVE-2017-0037. Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial-of-service (DoS) via a crafted website. • http://www.securityfocus.com/bid/96724 http://www.securitytracker.com/id/1038008 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0149 • CWE-787: Out-of-bounds Write •
CVE-2017-0040
https://notcve.org/view.php?id=CVE-2017-0040
The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." This vulnerability is different from that described in CVE-2017-0130. El motor de secuencias de comandos en Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, vulnerabilidad también conocida como "Scripting Engine Memory Corruption Vulnerability". Esta vulnerabilidad es diferente de la descrita en CVE-2017-0130. • http://www.security-assessment.com/files/documents/advisory/reversesegment.pdf http://www.securityfocus.com/bid/96094 http://www.securitytracker.com/id/1038008 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0040 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-0009
https://notcve.org/view.php?id=CVE-2017-0009
Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0011, CVE-2017-0017, CVE-2017-0065, and CVE-2017-0068. Microsoft Internet Explorer 9 hasta la versión 11 permiten a atacantes remotos obtener información sensible de la memoria de proceso a través de un sitio web manipulado, también conocido como "Microsoft Browser Memory Corruption Vulnerability". Esta vulnerabilidad es distinta de aquellas descritas en CVE-2017-0011, CVE-2017-0017, CVE-2017-0065 y CVE-2017-0068. • http://www.security-assessment.com/files/documents/advisory/comparestring_infoleak.pdf http://www.securityfocus.com/bid/96077 http://www.securitytracker.com/id/1038006 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0009 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •