CVE-2015-2449
https://notcve.org/view.php?id=CVE-2015-2449
Microsoft Internet Explorer 7 through 11 and Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "ASLR Bypass." Vulnerabilidad en Microsoft Internet Explorer 7 hasta la versión 11 y Edge, permite a atacantes remotos eludir el mecanismo de protección ASLR a través de una página web manipulada, también conocido como 'ASLR Bypass'. • http://www.securitytracker.com/id/1033237 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-079 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-091 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-2444 – Microsoft Internet Explorer - CTreeNode::GetCascadedLang Use-After-Free (MS15-079)
https://notcve.org/view.php?id=CVE-2015-2444
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2442. Vulnerabilidad en Microsoft Internet Explorer 8 hasta la versión 11, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de una página web manipulada, también conocida como 'Memory Corruption Vulnerability', una vulnerabilidad diferente a CVE-2015-2442. • https://www.exploit-db.com/exploits/37764 http://www.securityfocus.com/bid/76194 http://www.securitytracker.com/id/1033237 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-079 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-2443 – Microsoft Internet Explorer stack Property Descriptor Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-2443
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability." Vulnerabilidad en Microsoft Internet Explorer 10 y 11, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de una página web manipulada, también conocida como 'Memory Corruption Vulnerability'. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the accessor function for the stack trace property descriptor. The issue lies in the failure to ensure that the 'this' parameter is an object and not a native integer. • http://www.securityfocus.com/bid/76195 http://www.securitytracker.com/id/1033237 http://www.zerodayinitiative.com/advisories/ZDI-15-382 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-079 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-2448 – Microsoft Internet Explorer Array Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-2448
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability." Vulnerabilidad en Microsoft Internet Explorer 9 y 10, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de una página web manipulada, también conocida como 'Memory Corruption Vulnerability'. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Array's call function. The issue lies in the failure to properly ensure that the 'this' parameter is an object and not a native integer. • http://www.securityfocus.com/bid/76191 http://www.securitytracker.com/id/1033237 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-079 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-2450 – Microsoft Internet Explorer COrphanedStyleSheetArray Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-2450
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2451. Vulnerabilidad en Microsoft Internet Explorer 9 hasta la versión 11, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de una página web manipulada, también conocida como 'Memory Corruption Vulnerability', una vulnerabilidad diferente a CVE-2015-2451. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer processes CSS stylesheets associated with HTML documents. By manipulating a document's elements an attacker can cause a COrphanedStyleSheetArray object in memory to be reused after it has been freed. • http://www.securityfocus.com/bid/76190 http://www.securitytracker.com/id/1033237 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-079 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •