CVE-2015-6159 – Microsoft Internet Explorer TextBlock Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-6159
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6140, CVE-2015-6142, CVE-2015-6143, CVE-2015-6153, CVE-2015-6158, and CVE-2015-6160. Microsoft Internet Explorer 11 y Microsoft Edge permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como 'Microsoft Browser Memory Corruption Vulnerability', una vulnerabilidad diferente a CVE-2015-6140, CVE-2015-6142, CVE-2015-6143, CVE-2015-6153, CVE-2015-6158 y CVE-2015-6160. This vulnerability allows remote attackers to leak sensitive information on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the DOM after changing the text direction. By manipulating a document's elements an attacker can force an out-of-bounds read. • http://www.securitytracker.com/id/1034315 http://www.securitytracker.com/id/1034316 http://www.zerodayinitiative.com/advisories/ZDI-15-645 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-125 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-6135 – Microsoft Windows VBScript CreateObject Function Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-6135
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." Los motores de Microsoft (1) VBScript 5.7 y 5.8 y (2) JScript 5.7 y 5.8, como se utilizan en Internet Explorer 8 hasta la versión 11 y otros productos, permiten a atacantes remotos obtener información sensible de la memoria de proceso a través de un sitio web manipulado, también conocida como 'Scripting Engine Information Disclosure Vulnerability'. This vulnerability allows remote attackers to disclose the contents of memory on applications using the VBScript scripting language on vulnerable installations of Microsoft Windows. Microsoft Internet Explorer is an affected application. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the VBScript CreateObject function. • http://www.securitytracker.com/id/1034315 http://www.securitytracker.com/id/1034317 http://www.zerodayinitiative.com/advisories/ZDI-15-586 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-126 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-6136 – Microsoft Windows VBScript Split Function Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-6136
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." Los motores de Microsoft (1) VBScript 5.7 y 5.8 y (2) JScript 5.7 y 5.8, como se utilizan en Internet Explorer 8 hasta la versión 11 y otros productos, permiten a atacantes remotos ejecutar código arbitrario a través de un sitio web manipulado, también conocida como 'Scripting Engine Memory Corruption Vulnerability'. This vulnerability allows remote attackers to disclose the contents of memory on applications using the VBScript scripting language on vulnerable installations of Microsoft Windows. Microsoft Internet Explorer is an affected application. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the VBScript Split function. • http://www.securitytracker.com/id/1034315 http://www.securitytracker.com/id/1034317 http://www.zerodayinitiative.com/advisories/ZDI-15-591 http://www.zerodayinitiative.com/advisories/ZDI-15-592 http://www.zerodayinitiative.com/advisories/ZDI-15-593 http://www.zerodayinitiative.com/advisories/ZDI-15-594 http://www.zerodayinitiative.com/advisories/ZDI-15-595 http://www.zerodayinitiative.com/advisories/ZDI-15-597 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124 https • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-6142 – Microsoft Internet Explorer CAttrArray Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-6142
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6140, CVE-2015-6143, CVE-2015-6153, CVE-2015-6158, CVE-2015-6159, and CVE-2015-6160. Microsoft Internet Explorer 11 y Microsoft Edge permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como 'Microsoft Browser Memory Corruption Vulnerability', una vulnerabilidad diferente a CVE-2015-6140, CVE-2015-6143, CVE-2015-6153, CVE-2015-6158, CVE-2015-6159 y CVE-2015-6160. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer processes style attributes. By manipulating a document's elements an attacker can force an array allocated by a CStyleAttrArray object to be processed as if it were a CAttrArray object. • http://www.securitytracker.com/id/1034315 http://www.securitytracker.com/id/1034316 http://www.zerodayinitiative.com/advisories/ZDI-15-587 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-125 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-6143 – Microsoft Internet Explorer CAttrArray Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-6143
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6140, CVE-2015-6142, CVE-2015-6153, CVE-2015-6158, CVE-2015-6159, and CVE-2015-6160. Microsoft Internet Explorer 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como 'Internet Explorer Memory Corruption Vulnerability', una vulnerabilidad diferente a CVE-2015-6140, CVE-2015-6142, CVE-2015-6153, CVE-2015-6158, CVE-2015-6159 y CVE-2015-6160. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer processes style attributes. By manipulating a document's elements an attacker can force an array allocated by a CAttrArray object to be reused after it has been freed. • http://www.securitytracker.com/id/1034315 http://www.zerodayinitiative.com/advisories/ZDI-15-584 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •