CVE-2016-0020 – Microsoft Internet Explorer NewMessage Protected Mode Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2016-0020
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "MAPI DLL Loading Elevation of Privilege Vulnerability."

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the IShdocvwBroker::NewMessage API. Calling this API causes the broker process to load a DLL from a potentially unsafe location.

• http://www.securitytracker.com/id/1034661
• http://www.zerodayinitiative.com/advisories/ZDI-16-018
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-007
CVE-2015-7003 – OS X Coreaudiod Calls Uninitialized Function Pointer
https://notcve.org/view.php?id=CVE-2015-7003
coreaudiod in Audio in Apple OS X before 10.11.1 does not initialize an unspecified data structure, which allows attackers to execute arbitrary code via a crafted app.

com.apple.audio.coreaudiod is reachable from various sandboxes, including the Safari renderer. coreaudiod is sandboxed and runs as its own user; nevertheless, it has access to various other interesting attack surfaces which Safari doesn't, allowing this bug to potentially form part of a full sandbox escape chain.

• http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
• https://support.apple.com/HT205375
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2015-6051 – Microsoft Internet Explorer ShowSaveFileDialog Protected Mode Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2015-6051
Microsoft Internet Explorer 10 and 11 allow remote attackers to gain privileges via a crafted web site, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Internet Explorer Elevation of Privilege Vulnerability."

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of the CProtectedModeAPI::ShowSaveFileDialog API. An attacker can leverage this API to set the current working directory and allow for DLL planting.

• http://www.securityfocus.com/bid/76991
• http://www.securitytracker.com/id/1033800
• http://www.zerodayinitiative.com/advisories/ZDI-15-545
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106
CVE-2015-6047 – Microsoft Internet Explorer EditWith Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2015-6047
This vulnerability allows remote attackers to escape the Application Container and execute code in the context of the logged-in user on vulnerable installations of Microsoft Internet Explorer.

• http://www.securitytracker.com/id/1033800
• http://www.zerodayinitiative.com/advisories/ZDI-15-522
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2015-5583 – Adobe Reader Read Restrictions Bypass Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2015-5583
Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to bypass intended sandbox restrictions and obtain sensitive PDF information by launching a print job on a remote printer, a different vulnerability than CVE-2015-6705, CVE-2015-6706, and CVE-2015-7624.

• http://www.securitytracker.com/id/1033796
• http://www.zerodayinitiative.com/advisories/ZDI-15-468
• https://helpx.adobe.com/security/products/acrobat/apsb15-24.html
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor