CVSS: 9.3EPSS: 37%CPEs: 5EXPL: 0CVE-2015-6076 – Microsoft Internet Explorer htmlFor Attribute Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-6076
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6066, CVE-2015-6070, CVE-2015-6071, CVE-2015-6074, and CVE-2015-6087. Microsoft Internet Explorer 7 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de una página web manipulada, también conocida como 'Internet Explorer Memory Corruption Vulnerability', una vulnerabilidad diferente a CVE-2015-6066, CVE-2015-6070, CVE-2015-6071, CVE-2015-6074 y CVE-2015-6087. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer processes the htmlFor attribute of script elements. By manipulating a document's elements an attacker can force a CElement-derived object in memory to be reused after it has been freed. • http://www.securityfocus.com/bid/77449 http://www.securitytracker.com/id/1034112 http://www.zerodayinitiative.com/advisories/ZDI-15-541 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-112 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 37%CPEs: 1EXPL: 0CVE-2015-6077 – Microsoft Internet Explorer CTsfTextStore Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-6077
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6068, CVE-2015-6072, CVE-2015-6073, CVE-2015-6075, CVE-2015-6079, CVE-2015-6080, and CVE-2015-6082. Microsoft Internet Explorer 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de una página web manipulada, también conocida como 'Internet Explorer Memory Corruption Vulnerability', una vulnerabilidad diferente a CVE-2015-6068, CVE-2015-6072, CVE-2015-6073, CVE-2015-6075, CVE-2015-6079, CVE-2015-6080 y CVE-2015-6082. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer uses CTsfTextStore objects. By manipulating a document's elements an attacker can force a CTsfTextStore object in memory to be reused after it has been freed. • http://www.securityfocus.com/bid/77450 http://www.securitytracker.com/id/1034112 http://www.zerodayinitiative.com/advisories/ZDI-15-542 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-112 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 88%CPEs: 3EXPL: 0CVE-2015-6064 – Microsoft Internet Explorer COptionElement::InvalidateDataListAncestorCollections Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-6064
Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6084 and CVE-2015-6085. Microsoft Internet Explorer 10 y 11 y Microsoft Edge permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de una página web manipulada, también conocida como 'Microsoft Browser Memory Corruption Vulnerability', una vulnerabilidad diferente a CVE-2015-6084 y CVE-2015-6085. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer caches the options collection of datalist elements. By manipulating a document's elements an attacker can force a COptionElement object in memory to be reused after it has been freed. • http://www.securityfocus.com/bid/77470 http://www.securitytracker.com/id/1034112 http://www.securitytracker.com/id/1034113 http://www.zerodayinitiative.com/advisories/ZDI-15-538 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-112 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-113 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 93%CPEs: 3EXPL: 2CVE-2015-6086 – Microsoft Internet Explorer CDOMStringDataList::InitFromString Out-Of-Bounds Indexing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-6086
Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos obtener información sensible de la memoria de proceso a través de una página web manipulada, también conocida como 'Internet Explorer Information Disclosure Vulnerability'. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within CDOMStringDataList::InitFromString. By manipulating a document's elements an attacker can read outside the bounds of an allocated chunk. • https://www.exploit-db.com/exploits/39698 https://github.com/payatu/CVE-2015-6086 http://www.securityfocus.com/bid/77461 http://www.securitytracker.com/id/1034112 http://www.zerodayinitiative.com/advisories/ZDI-15-547 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-112 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 37%CPEs: 1EXPL: 0CVE-2015-6075 – Microsoft Internet Explorer URLIMGCTX Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-6075
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6068, CVE-2015-6072, CVE-2015-6073, CVE-2015-6077, CVE-2015-6079, CVE-2015-6080, and CVE-2015-6082. Microsoft Internet Explorer 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de una página web manipulada, también conocida como 'Internet Explorer Memory Corruption Vulnerability', una vulnerabilidad diferente a CVE-2015-6068, CVE-2015-6072, CVE-2015-6073, CVE-2015-6077, CVE-2015-6079, CVE-2015-6080 y CVE-2015-6082. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer processes images specified using the CSS url() function. By manipulating a document's elements an attacker can force a CElement-derived object in memory to be reused after it has been freed. • http://www.securityfocus.com/bid/77448 http://www.securitytracker.com/id/1034112 http://www.zerodayinitiative.com/advisories/ZDI-15-540 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-112 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •