CVSS: 9.3EPSS: 91%CPEs: 8EXPL: 0CVE-2015-6136 – Microsoft Windows VBScript Split Function Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-6136
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." Los motores de Microsoft (1) VBScript 5.7 y 5.8 y (2) JScript 5.7 y 5.8, como se utilizan en Internet Explorer 8 hasta la versión 11 y otros productos, permiten a atacantes remotos ejecutar código arbitrario a través de un sitio web manipulado, también conocida como 'Scripting Engine Memory Corruption Vulnerability'. This vulnerability allows remote attackers to disclose the contents of memory on applications using the VBScript scripting language on vulnerable installations of Microsoft Windows. Microsoft Internet Explorer is an affected application. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the VBScript Split function. • http://www.securitytracker.com/id/1034315 http://www.securitytracker.com/id/1034317 http://www.zerodayinitiative.com/advisories/ZDI-15-591 http://www.zerodayinitiative.com/advisories/ZDI-15-592 http://www.zerodayinitiative.com/advisories/ZDI-15-593 http://www.zerodayinitiative.com/advisories/ZDI-15-594 http://www.zerodayinitiative.com/advisories/ZDI-15-595 http://www.zerodayinitiative.com/advisories/ZDI-15-597 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124 https • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 26%CPEs: 3EXPL: 0CVE-2015-6148 – Microsoft Internet Explorer CBGsound Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-6148
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6156. Microsoft Internet Explorer 9 hasta la versión 11 y Microsoft Edge permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como 'Microsoft Browser Memory Corruption Vulnerability', una vulnerabilidad diferente a CVE-2015-6156. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of CBGsound objects. By manipulating a document's elements, an attacker can force a dangling pointer to be reused after it has been freed. • http://www.securitytracker.com/id/1034315 http://www.securitytracker.com/id/1034316 http://www.zerodayinitiative.com/advisories/ZDI-15-588 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-125 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 51%CPEs: 5EXPL: 0CVE-2015-6150 – Microsoft Internet Explorer CTableLayout Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-6150
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6154. Microsoft Internet Explorer 7 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como 'Internet Explorer Memory Corruption Vulnerability', una vulnerabilidad diferente a CVE-2015-6154. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of CTableLayout objects. By manipulating a document's elements, an attacker can force a dangling pointer to be reused after it has been freed. • http://www.securitytracker.com/id/1034315 http://www.zerodayinitiative.com/advisories/ZDI-15-590 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 26%CPEs: 5EXPL: 0CVE-2015-6151 – Microsoft Internet Explorer CSelectTracker Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-6151
Microsoft Internet Explorer 8 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6083. Microsoft Internet Explorer 8 hasta la versión 11 y Microsoft Edge permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como 'Microsoft Browser Memory Corruption Vulnerability', una vulnerabilidad diferente a CVE-2015-6083. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer tracks selected text on a web page. By manipulating a document's elements an attacker can force a CSelectTracker object in memory to be reused after it has been freed. • http://www.securitytracker.com/id/1034315 http://www.securitytracker.com/id/1034316 http://www.zerodayinitiative.com/advisories/ZDI-15-599 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-125 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 85%CPEs: 5EXPL: 0CVE-2015-6070
https://notcve.org/view.php?id=CVE-2015-6070
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6066, CVE-2015-6071, CVE-2015-6074, CVE-2015-6076, and CVE-2015-6087. Microsoft Internet Explorer 7 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de una página web manipulada, también conocida como 'Internet Explorer Memory Corruption Vulnerability', una vulnerabilidad diferente a CVE-2015-6066, CVE-2015-6071, CVE-2015-6074, CVE-2015-6076 y CVE-2015-6087. • http://www.securitytracker.com/id/1034112 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-112 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •