CVSS: 9.3EPSS: 79%CPEs: 2EXPL: 0CVE-2015-0035 – Microsoft Internet Explorer CIFrameElement Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0035
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0027, CVE-2015-0039, CVE-2015-0052, and CVE-2015-0068. Microsoft Internet Explorer 10 y 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la corrupción de memoria de Internet Explorer,' una vulnerabilidad diferente a CVE-2015-0027, CVE-2015-0039, CVE-2015-0052, y CVE-2015-0068. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer displays iframe elements. By manipulating a document's elements an attacker can force a CIFrameElement object in memory to be reused after it has been freed. • http://www.securityfocus.com/bid/72447 http://www.securitytracker.com/id/1031723 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 79%CPEs: 6EXPL: 0CVE-2015-0036 – Microsoft Internet Explorer CShadow Direction Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0036
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, and CVE-2015-0041. Microsoft Internet Explorer 6 hasta 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la corrupción de memoria de Internet Explorer,' una vulnerabilidad diferente a CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, y CVE-2015-0041. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CShadow::put_Direction function. The issue lies in the failure to properly sanitize a user-supplied value. • http://www.securityfocus.com/bid/72446 http://www.securitytracker.com/id/1031723 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 79%CPEs: 3EXPL: 0CVE-2015-0038 – Microsoft Internet Explorer CUListElement Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0038
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0042 and CVE-2015-0046. Microsoft Internet Explorer 9 hasta 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la corrupción de memoria de Internet Explorer,' una vulnerabilidad diferente a CVE-2015-0042 y CVE-2015-0046. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CUListElement objects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. • http://www.securityfocus.com/bid/72404 http://www.securitytracker.com/id/1031723 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 79%CPEs: 6EXPL: 0CVE-2015-0041 – Microsoft Internet Explorer CTreePos Double Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0041
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, and CVE-2015-0036. Microsoft Internet Explorer 6 hasta 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la corrupción de memoria de Internet Explorer,' una vulnerabilidad diferente a CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, y CVE-2015-0036. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CTreePos objects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. • http://www.securityfocus.com/bid/72411 http://www.securitytracker.com/id/1031723 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 79%CPEs: 3EXPL: 0CVE-2015-0042 – Microsoft Internet Explorer SVG Marker Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0042
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0038 and CVE-2015-0046. Microsoft Internet Explorer 9 hasta 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la corrupción de memoria de Internet Explorer,' una vulnerabilidad diferente a CVE-2015-0038 y CVE-2015-0046. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer processes SVG marker objects. By manipulating a document's elements an attacker can force a CGeneratedSvgTreeNode object in memory to be reused after it has been freed. • http://www.securityfocus.com/bid/72412 http://www.securitytracker.com/id/1031723 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009 • CWE-399: Resource Management Errors •