CVSS: 4.3EPSS: 25%CPEs: 10EXPL: 0CVE-2015-6059
https://notcve.org/view.php?id=CVE-2015-6059
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." Los motores Microsoft (1) VBScript 5.7 y 5.8 y (2) JScript 5.7 y 5.8, tal como se utiliza en Internet Explorer 8 hasta la versión 11 y otros productos, permiten a atacantes remotos obtener información sensible de los procesos de la memoria a través de un sitio web manipulado, también conocido como 'Scripting Engine Information Disclosure Vulnerability'. • http://www.securitytracker.com/id/1033800 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-108 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 43%CPEs: 5EXPL: 0CVE-2015-6048
https://notcve.org/view.php?id=CVE-2015-6048
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6049. Microsoft Internet Explorer 7 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como 'Internet Explorer Memory Corruption Vulnerability', una vulnerabilidad diferente a CVE-2015-6049. • http://www.securitytracker.com/id/1033800 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 81%CPEs: 5EXPL: 0CVE-2015-6049
https://notcve.org/view.php?id=CVE-2015-6049
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6048. Microsoft Internet Explorer 7 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como 'Internet Explorer Memory Corruption Vulnerability', una vulnerabilidad diferente a CVE-2015-6048. • http://www.securitytracker.com/id/1033800 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 1%CPEs: 8EXPL: 0CVE-2015-6052
https://notcve.org/view.php?id=CVE-2015-6052
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript and JScript ASLR Bypass." Los motores Microsoft (1) VBScript 5.7 y 5.8 y (2) JScript 5.7 y 5.8, tal como se utiliza en Internet Explorer 8 hasta la versión 11 y otros productos, permiten a atacantes remotos eludir el mecanismo de protección ASLR a través de un sitio web manipulado, también conocido como 'VBScript and JScript ASLR Bypass'. • http://www.securitytracker.com/id/1033800 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-108 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 64%CPEs: 10EXPL: 0CVE-2015-6055 – Microsoft Windows VBScript Join Function Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-6055
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Filter arguments, aka "Scripting Engine Memory Corruption Vulnerability." Los motores Microsoft (1) VBScript 5.7 y 5.8 y (2) JScript 5.7 y 5.8, tal como se utiliza en Internet Explorer 8 hasta la versión 11 y otros productos, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de argumentos Filter manipulados, también conocido como 'Scripting Engine Memory Corruption Vulnerability'. This vulnerability allows remote attackers to execute arbitrary code in applications using the VBScript scripting language running on vulnerable installations of Microsoft Windows. Microsoft Internet Explorer is an affected application. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Join function in VBScript. • http://www.securityfocus.com/bid/77010 http://www.securitytracker.com/id/1033800 http://www.zerodayinitiative.com/advisories/ZDI-15-521 http://www.zerodayinitiative.com/advisories/ZDI-15-537 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-108 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •