CVE-2021-26419 – Scripting Engine Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2021-26419
Scripting Engine Memory Corruption Vulnerability Una vulnerabilidad de Corrupción de la Memoria del Motor de Scripting There is a vulnerability in jscript9 that could be potentially used by an attacker to execute arbitrary code when viewing an attacker-controlled website in Internet Explorer. The vulnerability has been confirmed on Windows 10 64-bit with the latest security patches applied. • http://packetstormsecurity.com/files/162570/Internet-Explorer-jscript9.dll-Memory-Corruption.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26419 • CWE-787: Out-of-bounds Write •
CVE-2021-26411 – Microsoft Internet Explorer Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2021-26411
Internet Explorer Memory Corruption Vulnerability Una Vulnerabilidad de Corrupción de la Memoria de Internet Explorer Microsoft Internet Explorer contains an unspecified vulnerability that allows for memory corruption. • https://github.com/CrackerCat/CVE-2021-26411 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26411 • CWE-416: Use After Free •
CVE-2020-0878 – Microsoft Edge and Internet Explorer Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2020-0878
<p>A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0878 • CWE-787: Out-of-bounds Write •
CVE-2020-1570 – Scripting Engine Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2020-1570
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1570 • CWE-787: Out-of-bounds Write •
CVE-2020-1567 – MSHTML Engine Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-1567
A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a HTML editing attack scenario, an attacker could trick a user into editing a specially crafted file that is designed to exploit the vulnerability. The security update addresses the vulnerability by modifying how MSHTML engine validates input. Se presenta una vulnerabilidad de ejecución de código remota en la manera en que el motor MSHTML comprueba inapropiadamente la entrada. Un atacante podría ejecutar código arbitrario en el contexto del usuario actual, también se conoce como "MSHTML Engine Remote Code Execution Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1567 •