CVSS: 9.3EPSS: 43%CPEs: 6EXPL: 0CVE-2015-2404 – Microsoft Internet Explorer applet Element Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-2404
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2397, CVE-2015-2406, and CVE-2015-2422. Microsoft Internet Explorer de la versión 6 a la 11 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de una página web manipulada, también conocida como “Vulnerabilidad de corrupción de Memoria en Internet Explorer”, una vulnerabilidad diferente a CVE-2015-2385, CVE-2015-2390, CVE-2015-2397, CVE-2015-2406, y a CVE-2015-2422. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer processes the HTML applet elements. By manipulating a document's elements an attacker can force a CMarkup object in memory to be reused after it has been freed. • http://www.securitytracker.com/id/1032894 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-065 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 43%CPEs: 6EXPL: 0CVE-2015-2397 – Microsoft Internet Explorer CTableSection Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-2397
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2404, CVE-2015-2406, and CVE-2015-2422. Microsoft Internet Explorer en la versión 6 a la 11, permite a atacantes remotos la ejecución de código arbitrario o causar una denegación de servicio mediante la corrupción de la memoria a través de un sitio web específicamente diseñado para este fin, error conocido como 'Internet Explorer Memory Corruption Vulnerability,' una vulnerabilidad diferente de CVE-2015-2385, CVE-2015-2390, CVE-2015-2404, CVE-2015-2406, y CVE-2015-2422. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer processes the HTML table sections. By manipulating a document's elements an attacker can force a CTableSection object in memory to be reused after it has been freed. • http://www.securitytracker.com/id/1032894 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-065 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 43%CPEs: 6EXPL: 0CVE-2015-2406 – Microsoft Internet Explorer CTableRow Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-2406
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2397, CVE-2015-2404, and CVE-2015-2422. Microsoft Internet Explorer de la versión 6 a la 11 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de una página web manipulada, también conocida como “Vulnerabilidad de corrupción de Memoria en Internet Explorer”, una vulnerabilidad diferente a CVE-2015-2385, CVE-2015-2390, CVE-2015-2397, CVE-2015-2404, y a CVE-2015-2422. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CTableRow objects. By manipulating a document's elements, an attacker can force a dangling pointer to be reused after it has been freed. • http://www.securitytracker.com/id/1032894 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-065 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 50%CPEs: 6EXPL: 0CVE-2015-1735 – Microsoft Internet Explorer hr Element Uninitialized Variable Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1735
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1740, CVE-2015-1744, CVE-2015-1745, and CVE-2015-1766. Microsoft Internet Explorer 6 hasta 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la corrupción de memoria de Internet Explorer,' una vulnerabilidad diferente a CVE-2015-1740, CVE-2015-1744, CVE-2015-1745, y CVE-2015-1766. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer processes certain operations on HTML hr elements. Internet Explorer erroneously uses a VARIANT structure in memory before it has been properly initialized. • http://www.securityfocus.com/bid/74972 http://www.securitytracker.com/id/1032521 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056 • CWE-399: Resource Management Errors •
CVSS: 6.9EPSS: 1%CPEs: 5EXPL: 0CVE-2015-1748 – Microsoft Internet Explorer Protocol Handler Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2015-1748
Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1743. Microsoft Internet Explorer 7 hasta 11 permite a atacantes remotos ganar privilegios a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la elevación de privilegios de Internet Explorer,' una vulnerabilidad diferente a CVE-2015-1743. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of res:// and Windows Help Engine. By running specially crafted JavaScript, a 32-bit medium integrity process can be spawned. • http://www.securityfocus.com/bid/74997 http://www.securitytracker.com/id/1032521 http://www.zerodayinitiative.com/advisories/ZDI-15-251 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056 • CWE-264: Permissions, Privileges, and Access Controls •