CVE-2015-2368 – Microsoft Internet Explorer DLL Planting Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2015-2368
Untrusted search path vulnerability in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Windows DLL Remote Code Execution Vulnerability." Vulnerabilidad en la busqueda de ruta no confiable en Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 R2 y Windows RT 8.1 permite a usuarios locales obtener privilegios a través de un Troyano DLL en el directorio de trabajo actual, error conocido como 'Windows DLL Remote Code Execution Vulnerability.' This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of DLL loading by the Internet Explorer broker process, which can be induced to load a library in its context from a directory controlled by the low-integrity process. An attacker can leverage this vulnerability to execute code under the context of the user at medium integrity. • http://www.securitytracker.com/id/1032898 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-069 •
CVE-2015-3693 – Rowhammer - NaCl Sandbox Escape
https://notcve.org/view.php?id=CVE-2015-3693
Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not properly set refresh rates for DDR3 RAM, which might make it easier for remote attackers to conduct row-hammer attacks, and consequently gain privileges or cause a denial of service (memory corruption), by triggering certain patterns of access to memory locations. Apple Mac EFI anterior a 2015-001, utilizado en OS X anterior a 10.10.4 y otros productos, no configura correctamente los indices actualizados para DDR3 RAM, lo que podría facilitar a atacantes remotos realizar ataques 'row-hammer', y como consecuencia gnar privilegios o causar una denegación de servicio (corrupción de memoria), mediante la provocación de ciertas pautas de acceso a localizaciones de memoria. • https://www.exploit-db.com/exploits/36311 http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00003.html http://support.apple.com/kb/HT204934 http://support.apple.com/kb/HT204942 http://www.securityfocus.com/bid/75495 http://www.securitytracker.com/id/1032444 http://www.securitytracker.com/id/1032755 • CWE-254: 7PK - Security Features •
CVE-2015-1739 – Microsoft Internet Explorer Add-On Installer EPM Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2015-1739
This vulnerability allows attackers to escape the Extended Protection Mode sandbox of vulnerable installations of Microsoft Internet Explorer. • http://www.securityfocus.com/bid/74995 http://www.securitytracker.com/id/1032521 http://www.zerodayinitiative.com/advisories/ZDI-15-249 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-1748 – Microsoft Internet Explorer Protocol Handler Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2015-1748
Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1743. Microsoft Internet Explorer 7 hasta 11 permite a atacantes remotos ganar privilegios a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la elevación de privilegios de Internet Explorer,' una vulnerabilidad diferente a CVE-2015-1743. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of res:// and Windows Help Engine. By running specially crafted JavaScript, a 32-bit medium integrity process can be spawned. • http://www.securityfocus.com/bid/74997 http://www.securitytracker.com/id/1032521 http://www.zerodayinitiative.com/advisories/ZDI-15-251 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-1743 – Microsoft Internet Explorer add-on Installer Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2015-1743
This vulnerability allows remote attackers to escape Enhanced Protected Mode on vulnerable installations of Microsoft Internet Explorer. • http://www.securityfocus.com/bid/74996 http://www.securitytracker.com/id/1032521 http://www.zerodayinitiative.com/advisories/ZDI-15-377 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •