CVSS: 4.3EPSS: 25%CPEs: 10EXPL: 0CVE-2015-6059
https://notcve.org/view.php?id=CVE-2015-6059
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." Los motores Microsoft (1) VBScript 5.7 y 5.8 y (2) JScript 5.7 y 5.8, tal como se utiliza en Internet Explorer 8 hasta la versión 11 y otros productos, permiten a atacantes remotos obtener información sensible de los procesos de la memoria a través de un sitio web manipulado, también conocido como 'Scripting Engine Information Disclosure Vulnerability'. • http://www.securitytracker.com/id/1033800 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-108 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 20%CPEs: 1EXPL: 0CVE-2015-6045 – Microsoft Internet Explorer empty-cells Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-6045
Use-after-free vulnerability in the CElement object implementation in Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript that improperly interacts with use of the Cascading Style Sheets (CSS) empty-cells property for a TABLE element, aka "Internet Explorer Memory Corruption Vulnerability." Vulnerabilidad de uso después de liberación de memoria en la implementación del objeto CElement en Microsoft Internet Explorer 11 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de JavaScript manipulado que interactúa indebidamente con el uso de la propiedad empty-cells de Cascading Style Sheets (CSS) en un elemento TABLE, también conocida como 'Internet Explorer Memory Corruption Vulnerability'. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer performs layout of table cells when the CSS empty-cells property is specified. By manipulating a document's elements an attacker can force a CElement-derived object in memory to be reused after it has been freed. • http://www.zerodayinitiative.com/advisories/ZDI-15-523 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106 •
CVSS: 9.3EPSS: 94%CPEs: 10EXPL: 1CVE-2015-2482 – Microsoft Windows JavaScript Regular Expression Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-2482
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted replace operation with a JavaScript regular expression, aka "Scripting Engine Memory Corruption Vulnerability." Los motores Microsoft (1) VBScript 5.7 y 5.8 y (2) JScript 5.7 y 5.8, tal como se utiliza en Internet Explorer 8 hasta la versión 11 y otros productos, permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de una operación de sustitución manipulada con una expresión regular JavaScript, también conocido como 'Scripting Engine Memory Corruption Vulnerability'. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to search and replace operations performed using JavaScript regular expressions. An attacker can cause the in-memory representation of a regular expression to be freed while it is being used in a replace operation. • https://www.exploit-db.com/exploits/40798 http://seclists.org/fulldisclosure/2015/Oct/54 http://www.securitytracker.com/id/1033800 http://www.zerodayinitiative.com/advisories/ZDI-15-515 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-108 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 59%CPEs: 1EXPL: 0CVE-2015-6042 – Microsoft Internet Explorer CWindow Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-6042
Use-after-free vulnerability in the CWindow object implementation in Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." Vulnerabilidad de uso después de liberación de memoria en la implementación del objeto CWindow en Microsoft Internet Explorer 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como 'Internet Explorer Memory Corruption Vulnerability'. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer handles CWindow objects. By manipulating a document's elements an attacker can force a CWindow object in memory to be reused after it has been freed. • http://www.securitytracker.com/id/1033800 http://www.zerodayinitiative.com/advisories/ZDI-15-520 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106 • CWE-416: Use After Free •
CVSS: 6.8EPSS: 96%CPEs: 1EXPL: 0CVE-2015-6053 – Microsoft Windows JScript ArrayBuffer.slice Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-6053
Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via crafted parameters in an ArrayBuffer.slice call, aka "Internet Explorer Information Disclosure Vulnerability." Microsoft Internet Explorer 11 permite a atacantes remotos obtener información sensible de la memoria de proceso a través de parámetros manipulados en una llamada a ArrayBuffer.slice, también conocida como 'Internet Explorer Information Disclosure Vulnerability'. This vulnerability allows remote attackers to disclose the contents of arbitrary memory locations on applications using the JScript scripting language on vulnerable installations of Microsoft Windows. Microsoft Internet Explorer is an affected application. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the ArrayBuffer.slice method. • http://www.securitytracker.com/id/1033800 http://www.zerodayinitiative.com/advisories/ZDI-15-518 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •