CVSS: 9.3EPSS: 37%CPEs: 4EXPL: 0CVE-2015-2485 – Microsoft Internet Explorer Element ID Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-2485
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2491 and CVE-2015-2541. Vulnerabilidad en Microsoft Internet Explorer 9 hasta la versión 11 y Microsoft Edge, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como 'Memory Corruption Vulnerability,' una vulnerabilidad diferente a CVE-2015-2491 y CVE-2015-2541. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer processes the IDs of HTML elements. By manipulating a document's elements an attacker can cause a CPtrAry<CDOMNode*> object in memory to be reused after it has been freed. • http://www.securityfocus.com/bid/76572 http://www.securitytracker.com/id/1033487 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-094 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-095 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 37%CPEs: 6EXPL: 0CVE-2015-2486 – Microsoft Internet Explorer mergeAttributes Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-2486
Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499. Vulnerabilidad en Microsoft Internet Explorer 7 hasta la versión 11 y Microsoft Edge, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como 'Memory Corruption Vulnerability,' una vulnerabilidad diferente a CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, CVE-2015-2498 y CVE-2015-2499. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer performs merging of HTML attributes. By manipulating a document's elements, an attacker can cause an object in memory to be processed as if it were a different type of object. • http://www.securityfocus.com/bid/76573 http://www.securitytracker.com/id/1033487 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-094 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-095 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 37%CPEs: 2EXPL: 0CVE-2015-2500 – Microsoft Internet Explorer CImgElement Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-2500
Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability." Vulnerabilidad en Microsoft Internet Explorer 7 y 8, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como 'Memory Corruption Vulnerability.' This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of CImgElement objects. By manipulating a document's elements, an attacker can cause a CImgElement object in memory to be reused after it has been freed. • http://www.securityfocus.com/bid/76581 http://www.securitytracker.com/id/1033487 http://www.zerodayinitiative.com/advisories/ZDI-15-426 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-094 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 37%CPEs: 3EXPL: 0CVE-2015-2541 – Microsoft Internet Explorer CAttrValue Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-2541
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2485 and CVE-2015-2491. Vulnerabilidad en Microsoft Internet Explorer 9 hasta la versión 11, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como 'Memory Corruption Vulnerability,' una vulnerabilidad diferente a CVE-2015-2485 y CVE-2015-2491. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CAttrValue objects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. • http://www.securityfocus.com/bid/76583 http://www.securitytracker.com/id/1033487 http://www.zerodayinitiative.com/advisories/ZDI-15-428 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-094 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 51%CPEs: 5EXPL: 0CVE-2015-2487 – Microsoft Internet Explorer Embedded Windows Media Player Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-2487
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499. Vulnerabilidad en Microsoft Internet Explorer 7 hasta la versión 11, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como 'Memory Corruption Vulnerability,' una vulnerabilidad diferente a CVE-2015-2486, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, CVE-2015-2498 y CVE-2015-2499. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer interacts with Windows Media Player when the latter is used to perform media as part of a web page. By manipulating a document's elements an attacker can cause an object in memory to be reused after it has been freed. • http://www.securityfocus.com/bid/76574 http://www.securitytracker.com/id/1033487 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-094 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •