CVE-2015-5583 – Adobe Reader Read Restrictions Bypass Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2015-5583
Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to bypass intended sandbox restrictions and obtain sensitive PDF information by launching a print job on a remote printer, a different vulnerability than CVE-2015-6705, CVE-2015-6706, and CVE-2015-7624. Adobe Reader y Acrobat 10.x en versiones anteriores a 10.1.16 y 11.x en versiones anteriores a 11.0.13, Acrobat y Acrobat Reader DC Classic en versiones anteriores a 2015.006.30094 y Acrobat y Acrobat Reader DC Continuous en versiones anteriores a 2015.009.20069 en Windows y OS X permite a atacantes eludir las restricciones destinadas a la sandbox y obtener información sensible de PDF mediante el lanzamiento de una tarea de impresión en una impresora remota, una vulnerabilidad diferente a CVE-2015-6705, CVE-2015-6706 y CVE-2015-7624. • http://www.securitytracker.com/id/1033796 http://www.zerodayinitiative.com/advisories/ZDI-15-468 https://helpx.adobe.com/security/products/acrobat/apsb15-24.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-7829 – Adobe Reader Arbitrary File Deletion Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2015-7829
Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows mishandle junctions in the Synchronizer directory, which allows attackers to delete arbitrary files via Adobe Collaboration Sync, a related issue to CVE-2015-2428. Adobe Reader y Acrobat 10.x en versiones anteriores a 10.1.16 y 11.x en versiones anteriores a 11.0.13, Acrobat y Acrobat Reader DC Classic en versiones anteriores a 2015.006.30094 y Acrobat y Acrobat Reader DC Continuous en versiones anteriores a 2015.009.20069 en Windows no maneja correctamente las uniones en el directorio Synchronizer, lo que permite a atacantes borrar archivos arbitrarios a través de Adobe Collaboration Sync, un caso relacionado con CVE-2015-2428. This vulnerability allows local attackers to delete arbitrary files on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of junction points. An attacker running code in the context of a sandboxed Adobe Reader process can set up a junction point in the Synchronizer folder and then run Adobe Collaboration Sync which will delete the contents of the folder. • http://www.securitytracker.com/id/1033796 http://www.zerodayinitiative.com/advisories/ZDI-15-465 https://helpx.adobe.com/security/products/acrobat/apsb15-24.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-2489 – Microsoft Internet Explorer ISettingsBroker Sandbox Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-2489
Microsoft Internet Explorer 11 allows remote attackers to gain privileges via a crafted web site, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Elevation of Privilege Vulnerability." Vulnerabilidad en Microsoft Internet Explorer 11, permite a atacantes remotos obtener privilegios a través de un sitio web manipulado, según lo demostrado por una transición desde Low Integrity hasta Medium Integrity, también conocida como 'Elevation of Privilege Vulnerability.' This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of ISettingsBroker. By using a specified CLSID to the setValue method, an attacker can modify privileged registry values. • http://www.securityfocus.com/bid/76585 http://www.securitytracker.com/id/1033487 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-094 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-2429 – Microsoft Internet Explorer CIERegistryHelper::SetSingleValue Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2015-2429
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow attackers to bypass an application sandbox protection mechanism and perform unspecified registry actions via a crafted application, aka "Windows Registry Elevation of Privilege Vulnerability." Vulnerabilidad en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2 y Windows RT Gold y 8.1, permite a atacantes evadir el mecanismo de protección de una aplicación sandbox y realizar acciones de registro no especificados a a través de una aplicación manipulada, también conocida como 'Windows Registry Elevation of Privilege Vulnerability.' • http://www.securitytracker.com/id/1033251 http://www.zerodayinitiative.com/advisories/ZDI-15-379 http://www.zerodayinitiative.com/advisories/ZDI-15-380 http://www.zerodayinitiative.com/advisories/ZDI-15-459 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-090 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-2454 – Microsoft Internet Explorer HelpPane Sandbox Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-2454
This vulnerability allows remote attackers to escape Protected Mode on vulnerable installations of Microsoft Internet Explorer User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the HelpPane executable. • http://www.securitytracker.com/id/1033238 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-080 • CWE-264: Permissions, Privileges, and Access Controls •