CVSS: 9.3EPSS: 69%CPEs: 2EXPL: 0CVE-2015-1736 – Microsoft Internet Explorer CAttrArray Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1736
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1731, CVE-2015-1737, and CVE-2015-1755. Microsoft Internet Explorer 10 y 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la corrupción de memoria de Internet Explorer,' una vulnerabilidad diferente a CVE-2015-1731, CVE-2015-1737, y CVE-2015-1755. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer processes the removal of attributes from HTML elements. By manipulating a document's elements an attacker can force a CAttrArray object in memory to be reused after it has been freed. • http://www.securityfocus.com/bid/74978 http://www.securitytracker.com/id/1032521 http://www.zerodayinitiative.com/advisories/ZDI-15-253 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 8%CPEs: 2EXPL: 0CVE-2015-1755 – Microsoft Internet Explorer COptionElement Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1755
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1731, CVE-2015-1736, and CVE-2015-1737. Microsoft Internet Explorer 10 y 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la corrupción de memoria de Internet Explorer,' una vulnerabilidad diferente a CVE-2015-1731, CVE-2015-1736, y CVE-2015-1737. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer processes HTML option elements that are placed inside datalist elements. By manipulating a document's elements an attacker can force a COptionElement object in memory to be reused after it has been freed. • http://www.securityfocus.com/bid/74992 http://www.securitytracker.com/id/1032521 http://www.zerodayinitiative.com/advisories/ZDI-15-254 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056 https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1204 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 54%CPEs: 6EXPL: 0CVE-2015-1766
https://notcve.org/view.php?id=CVE-2015-1766
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1735, CVE-2015-1740, CVE-2015-1744, and CVE-2015-1745. Microsoft Internet Explorer 6 hasta 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la corrupción de memoria de Internet Explorer,' una vulnerabilidad diferente a CVE-2015-1735, CVE-2015-1740, CVE-2015-1744, y CVE-2015-1745. • http://www.securityfocus.com/bid/74993 http://www.securitytracker.com/id/1032521 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 69%CPEs: 6EXPL: 0CVE-2015-1745 – Microsoft Internet Explorer mergeAttributes Uninitialized Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1745
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1735, CVE-2015-1740, CVE-2015-1744, and CVE-2015-1766. Microsoft Internet Explorer 6 hasta 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la corrupción de memoria de Internet Explorer,' una vulnerabilidad diferente a CVE-2015-1735, CVE-2015-1740, CVE-2015-1744, y CVE-2015-1766. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer merges attributes of HTML elements. By manipulating a document's elements an attacker can cause a CAttrValue object to be created with uninitialized data. • http://www.securityfocus.com/bid/74985 http://www.securitytracker.com/id/1032521 http://www.zerodayinitiative.com/advisories/ZDI-15-252 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056 • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 11%CPEs: 3EXPL: 0CVE-2015-1765
https://notcve.org/view.php?id=CVE-2015-1765
Microsoft Internet Explorer 9 through 11 allows remote attackers to read the browser history via a crafted web site. Microsoft Internet Explorer 9 hasta 11 permite a atacantes remotos leer el historial del navegador a través de un sitio web manipulado. • http://www.securityfocus.com/bid/74994 http://www.securitytracker.com/id/1032521 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •