CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-0020 – Microsoft Internet Explorer NewMessage Protected Mode Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2016-0020
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "MAPI DLL Loading Elevation of Privilege Vulnerability." Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1 y Windows 7 SP1 no maneja adecuadamente la carga de DLL, lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada, también conocido como "MAPI DLL Loading Elevation of Privilege Vulnerability". This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the IShdocvwBroker::NewMessage API. Calling this API causes the broker process to load a DLL from a potentially unsafe location. • http://www.securitytracker.com/id/1034661 http://www.zerodayinitiative.com/advisories/ZDI-16-018 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-007 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7071
https://notcve.org/view.php?id=CVE-2015-7071
The File Bookmark component in Apple OS X before 10.11.2 allows attackers to bypass a sandbox protection mechanism for app scoped bookmarks via a crafted pathname. El componente File Bookmark en Apple OS X en versiones anteriores a 10.11.2 permite a atacantes eludir el mecanismo de protección sandbox para marcadores de ámbito de aplicación a través de un nombre de ruta manipulado. • http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html http://www.securitytracker.com/id/1034344 https://support.apple.com/HT205637 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 82%CPEs: 9EXPL: 1CVE-2015-8080 – redis: Integer wraparound in lua_struct.c causing stack-based buffer overflow
https://notcve.org/view.php?id=CVE-2015-8080
Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. Desbordamiento de entero en la función getnum en lua_struct.c en Redis 2.8.x en versiones anteriores a 2.8.24 y 3.0.x en versiones anteriores a 3.0.6 permite a atacantes dependientes de contexto con permiso para ejecutar código Lua en una sesión Redis provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente eludir restricciones destinadas a la sandbox a través de un número grande, lo que desencadena un desbordamiento de buffer basado en pila. ... A user with access to run Lua code in a Redis session could possibly use this flaw to crash the server (denial of service) or gain code execution outside of the Lua sandbox. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00126.html http://rhn.redhat.com/errata/RHSA-2016-0095.html http://rhn.redhat.com/errata/RHSA-2016-0096.html http://rhn.redhat.com/errata/RHSA-2016-0097.html http://www.debian.org/security/2015/dsa-3412 http://www.openwall.com/lists/oss-security/2015/11/06/2 http://www.openwall.com/lists/oss-security/2015/11/06/4 http://www.securityfocus.com/bid/77507 https://github.com/antirez/redis/issues/2855 https&# • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.3EPSS: 0%CPEs: 44EXPL: 0CVE-2015-2503
https://notcve.org/view.php?id=CVE-2015-2503
Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote attackers to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Microsoft Office Elevation of Privilege Vulnerability." Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japonés) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016 y Lync 2013 SP1 permiten a atacantes remotos eludir un mecanismo de protección sandbox y obtener privilegios a través de una página web manipulada a la que se accede con Internet Explorer, según lo demostrado por una transición de Low Integrity a Medium Integrity, también conocida como 'Microsoft Office Elevation of Privilege Vulnerability'. • http://www.securitytracker.com/id/1034117 http://www.securitytracker.com/id/1034119 http://www.securitytracker.com/id/1034122 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-116 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7003 – OS X Coreaudiod Calls Uninitialized Function Pointer
https://notcve.org/view.php?id=CVE-2015-7003
coreaudiod in Audio in Apple OS X before 10.11.1 does not initialize an unspecified data structure, which allows attackers to execute arbitrary code via a crafted app. coreaudiod en Audio en Apple OS X en versiones anteriores a 10.11.1 no inicializa una estructura de datos sin especificar, lo que permite a atacantes ejecutar código arbitrario a través de una aplicación manipulada. com.apple.audio.coreaudiod is reachable from various sandboxes including the Safari renderer. coreaudiod is sandboxed and runs as its own user, nevertheless it has access to various other interesting attack surfaces which safari doesn't, allowing this bug to potentially form part of a full sandbox escape chain. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html https://support.apple.com/HT205375 • CWE-264: Permissions, Privileges, and Access Controls •