CVE-2015-6056
https://notcve.org/view.php?id=CVE-2015-6056
The (1) JScript and (2) VBScript engines in Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." Los motores (1) JScript y (2) VBScript en Microsoft Internet Explorer 9 hasta la versión 11 permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'Scripting Engine Memory Corruption Vulnerability'. • http://www.securitytracker.com/id/1033800 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-6051 – Microsoft Internet Explorer ShowSaveFileDialog Protected Mode Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2015-6051
Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Internet Explorer Elevation of Privilege Vulnerability." Microsoft Internet Explorer 10 y 11 permite a atacantes remotos obtener privilegios a través de un sitio web manipulado, según lo demostrado por una transición desde Low Integrity hasta Medium Integrity, también conocida como 'Internet Explorer Elevation of Privilege Vulnerability'. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of the CProtectedModeAPI::ShowSaveFileDialog API. An attacker can leverage this API to set the current working directory and allow for DLL planting. • http://www.securityfocus.com/bid/76991 http://www.securitytracker.com/id/1033800 http://www.zerodayinitiative.com/advisories/ZDI-15-545 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106 •
CVE-2015-6052
https://notcve.org/view.php?id=CVE-2015-6052
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript and JScript ASLR Bypass." Los motores Microsoft (1) VBScript 5.7 y 5.8 y (2) JScript 5.7 y 5.8, tal como se utiliza en Internet Explorer 8 hasta la versión 11 y otros productos, permiten a atacantes remotos eludir el mecanismo de protección ASLR a través de un sitio web manipulado, también conocido como 'VBScript and JScript ASLR Bypass'. • http://www.securitytracker.com/id/1033800 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-108 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-6044
https://notcve.org/view.php?id=CVE-2015-6044
Microsoft Internet Explorer 8 allows remote attackers to gain privileges via a crafted web site, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Internet Explorer Elevation of Privilege Vulnerability." Microsoft Internet Explorer 8 permite a atacantes remotos obtener privilegios a través de un sitio web manipulado, según lo demostrado por una transición desde Low Integrity hasta Medium Integrity, también conocida como 'Internet Explorer Elevation of Privilege Vulnerability'. • http://www.securitytracker.com/id/1033800 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-6055 – Microsoft Windows VBScript Join Function Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-6055
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Filter arguments, aka "Scripting Engine Memory Corruption Vulnerability." Los motores Microsoft (1) VBScript 5.7 y 5.8 y (2) JScript 5.7 y 5.8, tal como se utiliza en Internet Explorer 8 hasta la versión 11 y otros productos, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de argumentos Filter manipulados, también conocido como 'Scripting Engine Memory Corruption Vulnerability'. This vulnerability allows remote attackers to execute arbitrary code in applications using the VBScript scripting language running on vulnerable installations of Microsoft Windows. Microsoft Internet Explorer is an affected application. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Join function in VBScript. • http://www.securityfocus.com/bid/77010 http://www.securitytracker.com/id/1033800 http://www.zerodayinitiative.com/advisories/ZDI-15-521 http://www.zerodayinitiative.com/advisories/ZDI-15-537 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-108 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •