CVSS: 9.3EPSS: 51%CPEs: 5EXPL: 0CVE-2015-2487 – Microsoft Internet Explorer Embedded Windows Media Player Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-2487
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499. Vulnerabilidad en Microsoft Internet Explorer 7 hasta la versión 11, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como 'Memory Corruption Vulnerability,' una vulnerabilidad diferente a CVE-2015-2486, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, CVE-2015-2498 y CVE-2015-2499. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer interacts with Windows Media Player when the latter is used to perform media as part of a web page. By manipulating a document's elements an attacker can cause an object in memory to be reused after it has been freed. • http://www.securityfocus.com/bid/76574 http://www.securitytracker.com/id/1033487 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-094 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 42%CPEs: 5EXPL: 0CVE-2015-2499 – Microsoft Internet Explorer CTableColCalc Out-Of-Bounds Memory Access Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-2499
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, and CVE-2015-2498. Vulnerabilidad en Microsoft Internet Explorer 7 hasta la versión 11, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como 'Memory Corruption Vulnerability,' una vulnerabilidad diferente a CVE-2015-2486, CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494 y CVE-2015-2498. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of table column elements. When a width of the column element is modified to a large value, this can cause an out-of-bounds memory access. • http://www.securityfocus.com/bid/76580 http://www.securitytracker.com/id/1033487 http://www.zerodayinitiative.com/advisories/ZDI-15-425 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-094 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 40%CPEs: 3EXPL: 0CVE-2015-2541 – Microsoft Internet Explorer CAttrValue Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-2541
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2485 and CVE-2015-2491. Vulnerabilidad en Microsoft Internet Explorer 9 hasta la versión 11, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como 'Memory Corruption Vulnerability,' una vulnerabilidad diferente a CVE-2015-2485 y CVE-2015-2491. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CAttrValue objects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. • http://www.securityfocus.com/bid/76583 http://www.securitytracker.com/id/1033487 http://www.zerodayinitiative.com/advisories/ZDI-15-428 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-094 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 40%CPEs: 4EXPL: 0CVE-2015-2485 – Microsoft Internet Explorer Element ID Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-2485
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2491 and CVE-2015-2541. Vulnerabilidad en Microsoft Internet Explorer 9 hasta la versión 11 y Microsoft Edge, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como 'Memory Corruption Vulnerability,' una vulnerabilidad diferente a CVE-2015-2491 y CVE-2015-2541. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer processes the IDs of HTML elements. By manipulating a document's elements an attacker can cause a CPtrAry<CDOMNode*> object in memory to be reused after it has been freed. • http://www.securityfocus.com/bid/76572 http://www.securitytracker.com/id/1033487 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-094 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-095 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 92%CPEs: 25EXPL: 1CVE-2015-2502 – Microsoft Internet Explorer Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2015-2502
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," as exploited in the wild in August 2015. Vulnerabilidad en Microsoft Internet Explorer 7 hasta la versión 11, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de una página web manipulada, también conocida como 'Vulnerabilidad de Corrupción de Memoria', tal y como fue explotada activamente en agosto de 2015. Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS). • http://twitter.com/Laughing_Mantis/statuses/633839231840841728 http://twitter.com/Laughing_Mantis/statuses/633839771865886721 http://www.securityfocus.com/bid/76403 http://www.securitytracker.com/id/1033317 http://www.securityweek.com/microsoft-issues-emergency-patch-critical-ie-flaw-exploited-wild https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-093 • CWE-787: Out-of-bounds Write •