CVSS: 9.3EPSS: 79%CPEs: 3EXPL: 0CVE-2015-0046 – Microsoft Internet Explorer Type Confusion Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-0046
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0038 and CVE-2015-0042. Microsoft Internet Explorer 9 hasta 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la corrupción de memoria de Internet Explorer,' una vulnerabilidad diferente a CVE-2015-0038 y CVE-2015-0042. This vulnerability allows remote attackers to disclose information on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of DOM manipulations. By manipulating the DOM, an attacker can cause the browser to confuse an ActiveX control with a string. • http://www.securityfocus.com/bid/72416 http://www.securitytracker.com/id/1031723 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009 • CWE-399: Resource Management Errors •
CVSS: 7.6EPSS: 7%CPEs: 6EXPL: 0CVE-2014-6354 – Microsoft Internet Explorer CSVGSVGElement Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-6354
Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 allows remote attackers to execute arbitrary code. Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 presentan una vulnerabilidad que permite a un atacante remoto ejecutar código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CSVGSVGElement objects. By manipulating a document's elements, an attacker can force a dangling pointer to be reused after it has been freed. • http://www.zerodayinitiative.com/advisories/ZDI-15-032 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 97%CPEs: 3EXPL: 2CVE-2015-0072 – MS15-018 Microsoft Internet Explorer 10 and 11 Cross-Domain JavaScript Injection
https://notcve.org/view.php?id=CVE-2015-0072
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a redirect, and an eval of a WindowProxy object, aka "Universal XSS (UXSS)." Vulnerabilidad de XSS en Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos eludir la Same Origin Policy e inyectar secuencias de comandos web o HTML arbitrarios a través de vectores que involucran un elemento IFRAME que desencadena una redirección, un segundo elemento IFRAME que no desencadena una redirección y una eval de un objeto WindowProxy, también conocido como "Universal XSS (UXSS)". • http://community.websense.com/blogs/securitylabs/archive/2015/02/05/another-day-another-zero-day-internet-explorer-s-turn-cve-2015-0072.aspx http://innerht.ml/blog/ie-uxss.html http://packetstormsecurity.com/files/130308/Microsoft-Internet-Explorer-Universal-XSS-Proof-Of-Concept.html http://seclists.org/fulldisclosure/2015/Feb/0 http://secunia.com/advisories/62658 http://www.pcworld.com/article/2879372/dangerous-ie-vulnerability-opens-door-to-powerful-phishing-attacks.html http://www.securityfocus.com&#x • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 97%CPEs: 23EXPL: 3CVE-2015-0313 – Adobe Flash Player Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2015-0313
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322. Vulnerabilidad de uso después de liberación de memoria en Adobe Flash Player en versiones anteriores a 13.0.0.269 y 14.x hasta la versión 16.x en versiones anteriores a 16.0.0.305 en Windows y OS X y en versiones anteriores a 11.2.202.442 en Linux permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados, según se ha explotado activamente en febrero de 2015, una vulnerabilidad diferente a CVE-2015-0315, CVE-2015-0320 y CVE-2015-0322. Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code. • https://www.exploit-db.com/exploits/36579 https://www.exploit-db.com/exploits/36491 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.html http://packetstormsecurity.com/files/131189/Adobe-Flash-Player-ByteArray-With-Workers-Use-After-Free.html http://secunia& • CWE-416: Use After Free •
CVSS: 9.3EPSS: 2%CPEs: 17EXPL: 0CVE-2015-0312 – flash-plugin: multiple critical vulnerabilities (APSA15-01)(APSB15-03)
https://notcve.org/view.php?id=CVE-2015-0312
Double free vulnerability in Adobe Flash Player before 13.0.0.264 and 14.x through 16.x before 16.0.0.296 on Windows and OS X and before 11.2.202.440 on Linux allows attackers to execute arbitrary code via unspecified vectors. Vulnerabilidad de doble liberación en Adobe Flash Player anterior a 13.0.0.264 y 14.x hasta 16.x anterior a 16.0.0.296 en Windows y OS X y anterior a 11.2.202.440 en Linux permite a atacantes ejecutar código arbitrario a través de vectores no especificados. • http://helpx.adobe.com/security/products/flash-player/apsb15-03.html http://secunia.com/advisories/62432 http://secunia.com/advisories/62543 http://secunia.com/advisories/62660 http://www.securityfocus.com/bid/72343 http://www.securitytracker.com/id/1031634 https://exchange.xforce.ibmcloud.com/vulnerabilities/100394 https://technet.microsoft.com/library/security/2755801 https://access.redhat.com/security/cve/CVE-2015-0312 https://bugzilla.redhat.com/show_bug.cgi?id=1185296 • CWE-415: Double Free •