Microsoft: >> Internet Explorer >> 11 Security Vulnerabilities
Microsoft Internet Explorer 11 and Microsoft Edge mishandle content types, which allows remote attackers to execute arbitrary web script in a privileged context via a crafted web site, aka "Microsoft Browser Elevation of Privilege Vulnerability."
CVSS Score
9.3
EPSS Score
0.231
Published
2015-12-09
Microsoft Internet Explorer 8 through 11 mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Internet Explorer XSS Filter Bypass Vulnerability."
CVSS Score
4.3
EPSS Score
0.24
Published
2015-12-09
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."
CVSS Score
9.3
EPSS Score
0.446
Published
2015-12-09
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability."
CVSS Score
5.0
EPSS Score
0.098
Published
2015-12-09
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6151.
CVSS Score
9.3
EPSS Score
0.181
Published
2015-12-09
Use-after-free vulnerability in the CElement object implementation in Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript that improperly interacts with use of the Cascading Style Sheets (CSS) empty-cells property for a TABLE element, aka "Internet Explorer Memory Corruption Vulnerability."
CVSS Score
9.3
EPSS Score
0.344
Published
2015-11-13
The Microsoft (1) VBScript and (2) JScript engines, as used in Internet Explorer 8 through 11, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."
CVSS Score
9.3
EPSS Score
0.281
Published
2015-11-11
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6066, CVE-2015-6070, CVE-2015-6071, CVE-2015-6074, and CVE-2015-6076.
CVSS Score
9.3
EPSS Score
0.281
Published
2015-11-11
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Browser ASLR Bypass."
CVSS Score
4.3
EPSS Score
0.214
Published
2015-11-11
Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
CVSS Score
4.3
EPSS Score
0.627
Published
2015-11-11