CVE-2015-6156
https://notcve.org/view.php?id=CVE-2015-6156
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6148. Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como 'Internet Explorer Memory Corruption Vulnerability', una vulnerabilidad diferente a CVE-2015-6148. • http://www.securitytracker.com/id/1034315 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-6158
https://notcve.org/view.php?id=CVE-2015-6158
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6140, CVE-2015-6142, CVE-2015-6143, CVE-2015-6153, CVE-2015-6159, and CVE-2015-6160. Microsoft Internet Explorer 11 y Microsoft Edge permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como 'Microsoft Browser Memory Corruption Vulnerability', una vulnerabilidad diferente a CVE-2015-6140, CVE-2015-6142, CVE-2015-6143, CVE-2015-6153, CVE-2015-6159 y CVE-2015-6160. • http://www.securitytracker.com/id/1034315 http://www.securitytracker.com/id/1034316 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-125 https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1214 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-6159 – Microsoft Internet Explorer TextBlock Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-6159
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6140, CVE-2015-6142, CVE-2015-6143, CVE-2015-6153, CVE-2015-6158, and CVE-2015-6160. Microsoft Internet Explorer 11 y Microsoft Edge permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como 'Microsoft Browser Memory Corruption Vulnerability', una vulnerabilidad diferente a CVE-2015-6140, CVE-2015-6142, CVE-2015-6143, CVE-2015-6153, CVE-2015-6158 y CVE-2015-6160. This vulnerability allows remote attackers to leak sensitive information on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the DOM after changing the text direction. By manipulating a document's elements an attacker can force an out-of-bounds read. • http://www.securitytracker.com/id/1034315 http://www.securitytracker.com/id/1034316 http://www.zerodayinitiative.com/advisories/ZDI-15-645 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-125 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-6162
https://notcve.org/view.php?id=CVE-2015-6162
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6152. Microsoft Internet Explorer 10 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como 'Internet Explorer Memory Corruption Vulnerability', una vulnerabilidad diferente a CVE-2015-6152. • http://www.securitytracker.com/id/1034315 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-6135 – Microsoft Windows VBScript CreateObject Function Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-6135
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." Los motores de Microsoft (1) VBScript 5.7 y 5.8 y (2) JScript 5.7 y 5.8, como se utilizan en Internet Explorer 8 hasta la versión 11 y otros productos, permiten a atacantes remotos obtener información sensible de la memoria de proceso a través de un sitio web manipulado, también conocida como 'Scripting Engine Information Disclosure Vulnerability'. This vulnerability allows remote attackers to disclose the contents of memory on applications using the VBScript scripting language on vulnerable installations of Microsoft Windows. Microsoft Internet Explorer is an affected application. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the VBScript CreateObject function. • http://www.securitytracker.com/id/1034315 http://www.securitytracker.com/id/1034317 http://www.zerodayinitiative.com/advisories/ZDI-15-586 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-126 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •