1635 matches found
CVE-2020-0674
Technical details for CVE-2020-0674 are not publicly provided in the supplied documents; no specific affected products/versions or remediation details are present. Monitor for updates from authoritative sources.
CVE-2016-0189
CVE-2016-0189 is a memory-corruption flaw in Microsoft JScript/VBScript engines used by Internet Explorer 9–11 that attackers could trigger via crafted web content to achieve remote code execution or memory corruption. Connected sources show exploitation within exploit kits (notably Neutrino/Nept...
CVE-2015-4000
CVE-2015-4000 is the Logjam vulnerability: when a server enables DHE_EXPORT ciphers and the client does not, the TLS handshake may downgrade to 512‑bit export‑grade DH, allowing a MITM to decrypt traffic. Public details describe the issue in TLS as a downgrade attack on Diffie–Hellman key exchang...
CVE-2021-26411
CVE-2021-26411 (Internet Explorer Memory Corruption) is a memory-corruption vulnerability in IE that was exploited in the wild as a zero‑day. Project Zero’s analysis attributes two primary bug patterns to IE exploitation: a use-after-free caused by a user-controlled callback between object operat...
CVE-2013-2551
CVE-2013-2551 is a use-after-free vulnerability in Microsoft Internet Explorer (IE 6–10) that allows remote code execution when a crafted web page triggers access to a deleted object. The issue is documented as an internet-explorer use-after-free vulnerability exploited via drive-by pages (notabl...
CVE-2020-1380
CVE-2020-1380 : Internet Explorer Scripting Engine memory corruption vulnerability in which memory objects mishandled by the scripting engine (jscript9.dll) can allow remote code execution in the context of the current user..attack vector: web-based via crafted websites or hosting IE rendering en...
CVE-2019-1367
CVE-2019-1367 is a remote code-execution vulnerability in Microsoft Internet Explorer’s scripting engine memory handling. Affects Internet Explorer; described as memory corruption when the scripting engine handles objects in memory. The CVE is linked to ongoing mitigation activity: Microsoft rele...
CVE-2019-0752
CVE-2019-0752 is a remote code execution in Microsoft Internet Explorer caused by how the scripting engine handles memory objects, leading to memory corruption in IE10/IE11. Multiple connected sources confirm exploit presence (ZDI-19-359, Exploit-DB), and CISA lists it as a known exploited vulner...
CVE-2020-0968
CVE-2020-0968 is described as a remote code execution vulnerability in the Internet Explorer Script Engine memory handling. The connected document set also references a separate ChakraCore scripting engine memory corruption RCE (GHSA-233H-59M2-QQF2), noting a similar vulnerability class but not p...
CVE-2012-4969
The CVE-2012-4969 issue is a use-after-free in the CMshtmlEd::Exec function of mshtml.dll used by Microsoft Internet Explorer (IE6–IE9 according to the CVE payload). Exploitation enabled remote code execution via a crafted website; the vulnerability was observed in the wild around September 2012....
CVE-2013-1347
CVE-2013-1347 (Internet Explorer 8) is a remote code execution vulnerability in IE8 arising from a use-after-free in CGenericElement/mshtml.dll when handling in-memory objects. Exploitation in the wild during 2013 (notably DoL incident) demonstrated remote code execution by visiting a crafted web...
CVE-2019-1429
CVE-2019-1429 is a Microsoft Internet Explorer JScript memory-corruption vulnerability (use-after-free) in the scripting engine. It fixes a shortcoming/variant of CVE-2019-1367, specifically triggered via toJSON in the arguments array, with exploitation in-the-wild noted and a patch released by M...
CVE-2020-0878
CVE-2020-0878 is a memory corruption vulnerability in the way Microsoft Edge/Internet Explorer access objects in memory, enabling remote code execution in the context of the current user. Public description confirms a network-exploitable scenario via malicious websites or compromised sites, with ...
CVE-2018-8373
CVE-2018-8373 describes a remote code execution vulnerability in Internet Explorer due to how the scripting engine handles objects in memory. Affected software includes Internet Explorer 9, 10, and 11. The root cause is memory handling flaws in the scripting engine that can be triggered remotely ...
CVE-2014-0322
The CVE-2014-0322 issue is a Use-After-Free in Internet Explorer 9–10 triggered by crafted JavaScript/CMarkup and the onpropertychange attribute of a script element, exploited in the wild in early 2014. Affected product: Microsoft Internet Explorer 9 and 10 . Root cause: use-after-free condition ...
CVE-2019-0541
CVE-2019-0541 – MSHTML Engine Remote Code Execution involves an input validation vulnerability in the MSHTML engine that can let an attacker execute arbitrary code on affected systems. Affected software includes Internet Explorer (IE9/10/11), Microsoft Office components (Office/Word/Excel viewers...
CVE-2017-0222
CVE-2017-0222 and CVE-2017-0226 describe a remote code execution vulnerability in Microsoft’s Internet Explorer caused by improper access to memory objects. The root cause is memory corruption during object handling, leading to possible code execution in the current user context. CVSS data in the...
CVE-2013-3897
CVE-2013-3897 is a use-after-free vulnerability in the CDisplayPointer class of mshtml.dll used by Microsoft Internet Explorer (IE6–IE11). The flaw is triggered via crafted JavaScript using the onpropertychange event, leading to remote code execution or memory corruption. Public discussions and r...
CVE-2017-0037
CVE-2017-0037 affects Microsoft Internet Explorer 10/11 and Microsoft Edge via a type confusion in mshtml.dll (Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement), enabling remote code execution through crafted CSS/JS sequences. Connected sources note public exploitation acti...
CVE-2021-27085
Technical details about CVE-2021-27085 are not publicly provided in the connected documents. The sources mention Internet Explorer RCE but do not specify affected versions, exploits, or remediations in the supplied materials. Monitor for updates.
CVE-2015-0313
Adobe Flash Player is affected by a use-after-free vulnerability (CVE-2015-0313) that enables remote code execution via crafted SWF handling. Affected products include Flash Player versions prior to 13.0.0.269 and 14.x–16.x prior to 16.0.0.305 on Windows/macOS, and prior to 11.2.202.442 on Linux....
CVE-2014-1776
CVE-2014-1776 is a memory‑safety flaw in Microsoft Internet Explorer (versions 6–11) described as a use‑after‑free in CMarkup::IsConnectedToPrimaryMarkup. Exploitation leads to remote code execution or memory corruption, with evidence of in‑the‑wild activity in April 2014. The vulnerability affec...
CVE-2017-0059
CVE-2017-0059 affects Microsoft Internet Explorer 9–11 and is described as an information-disclosure vulnerability that allows remote attackers to obtain sensitive data from process memory via a crafted web site. The CVE has public exploit references (e.g., Exploit-DB entries) and has been observ...
CVE-2017-0149
CVE-2017-0149 concerns Microsoft Internet Explorer (IE) 9–11, described as a memory corruption vulnerability that can allow remote code execution or cause a denial of service when a user visits a crafted website. The connected documents reiterate that this IE memory‑corruption issue is distinct f...
CVE-2017-0210
CVE-2017-0210 is an Internet Explorer elevation-of-privilege vulnerability caused by IE not properly enforcing cross-domain policies, allowing information disclosure and potential content injection across domains. The CVE is referenced in multiple 2017 security updates for Internet Explorer and i...
CVE-2016-0162
CVE-2016-0162 affects Microsoft Internet Explorer 9–11. The vulnerability is an information disclosure flaw: crafted JavaScript can cause IE to reveal the existence of local files, enabling an attacker to detect specific files on a user’s system. Impact is limited to information disclosure (not c...
CVE-2015-2419
CVE-2015-2419 is a JScript 9 vulnerability in Microsoft Internet Explorer (IE10/IE11) that allows remote code execution and memory corruption when processing crafted JSON with JSON.stringify. The CVE is exploited via malicious web content and has been leveraged by loaders in exploit kits (notably...
CVE-2015-2425
Technical details about CVE-2015-2425 are not publicly available in the provided connected documents. Current sources confirm IE11 memory corruption remote code execution vector, but specifics (affected versions, root cause, fixes) are not disclosed here. Monitor for updates.
CVE-2013-7331
CVE-2013-7331 is an information-disclosure vulnerability in the Microsoft XMLDOM ActiveX control used by Internet Explorer on Windows (XMLDOM object). The flaw allows an attacker to determine the existence of local pathnames, UNC shares, intranet hostnames, and intranet IP addresses by inspecting...
CVE-2018-8653
CVE-2018-8653 is a remote code execution vulnerability in Microsoft Internet Explorer’s scripting engine memory handling (JScript). Affected: IE 9, 10, and 11. Root cause: memory corruption within the scripting engine when handling in-memory objects, enabling an attacker to execute arbitrary code...
CVE-2019-0676
CVE-2019-0676 is an Internet Explorer information-disclosure vulnerability caused by improper handling of memory objects, enabling an attacker to test for the presence of files on disk. The affected component is IE’s memory handling (JScript/Win32k context noted in analyses), with exploitation ob...
CVE-2015-0311
CVE-2015-0311 affects Adobe Flash Player on Windows/macOS up to 16.0.0.287 and Linux 11.2.202.438, described as an unspecified vulnerability that allowed remote code execution via unknown vectors. Exploitation in the wild was reported in January 2015. Connected sources confirm this is a remote-co...
CVE-2016-3351
CVE-2016-3351 is a information-disclosure vulnerability affecting Microsoft Internet Explorer (IE) 9–11 and Microsoft Edge. The issue arises from improper handling of objects in memory by affected scripting engines, which could allow a remote attacker to detect or obtain sensitive files on the us...
CVE-2014-4123
CVE-2014-4123 affects Microsoft Internet Explorer 7–11. The vulnerability allows remote attackers to gain privileges via a crafted web site (elevation of privilege). Exploitation in the wild was noted in October 2014 (per the CVE description). Mitigation: apply the MS14-056 cumulative update for ...
CVE-2015-2502
CVE-2015-2502 affects Internet Explorer 7–11 and is a memory-corruption vulnerability triggered by visiting a crafted web site. The issue allows remote code execution (or DoS) and was exploited in the wild around August 2015. Public documentation identifies the affected software as Internet Explo...
CVE-2016-3298
CVE-2016-3298 affects Microsoft Internet Explorer 9–11 and the Internet Messaging API on Windows (Vista/7/Server 2008 R2 family). The root cause is improper handling of objects in memory, enabling a crafted web site to disclose whether arbitrary files exist on disk (information disclosure). The v...
CVE-2014-2817
CVE-2014-2817 summary (normal mode) : Affects Microsoft Internet Explorer 6–11, where a crafted web site can escalate privileges to the attacker. Root cause is an elevation of privilege vulnerability in IE; exploitation vector is remote and via a crafted page. Public exploits exist for this vulne...
CVE-2015-0071
CVE-2015-0071 affects Internet Explorer 9–11. The vulnerability is an ASLR bypass in IE triggered by visiting a crafted web page, per the IE ASLR Bypass vulnerability description. Impact: bypass of address-space layout randomization (ASLR); the Microsoft KB MS15-009 security update family (KB3021...
CVE-2014-8985
Microsoft Internet Explorer 11 contains a memory corruption vulnerability (CVE-2014-8985) that can be exploited remotely by visiting a crafted site, potentially enabling arbitrary code execution or memory-based denial of service. Public exploits exist; exploitation details are not provided in the...
CVE-2011-3389
CVE-2011-3389 is the BEAST information-disclosure vulnerability in TLS/SSL CBC-mode encryption, allowing a network attacker to glean plaintext headers under certain configurations (e.g., when CBC with chained IVs is used and the attacker can inject/observe traffic). The connected documents show m...
CVE-2013-3163
Microsoft Internet Explorer 8–10 contains a memory corruption vulnerability (CVE-2013-3163) that allows remote code execution or a denial of service when a user visits a crafted web site. Affected component: IE’s memory handling in versions 8–10; root cause described as memory corruption via craf...
CVE-2017-8524
CVE-2017-8524 is a memory corruption vulnerability in Microsoft’s JavaScript engine affecting multiple Windows versions (Windows 7 SP1, 8.1/RT 8.1, 8, 2012/2012 R2, 10 versions, and Server 2016). The root cause is memory handling in the scripting engine during rendering of objects, enabling remot...
CVE-2013-3893
CVE-2013-3893 is a use-after-free in mshtml.dll (Internet Explorer) specifically in SetMouseCapture, exploited via crafted JavaScript (notably through ms-help URLs) to achieve remote code execution across IE 6–11. Connected KEV/CISA entries confirm active exploitation in the wild and classify it ...
CVE-2021-26419
CVE-2021-26419 is a memory-corruption vulnerability in Internet Explorer’s scripting engine (jscript9.dll) that can lead to arbitrary code execution. The issue affects Internet Explorer 11 (and related IE components) and is exploitable remotely via a crafted web or Office document vector, with us...
CVE-2017-0228
Connected documents describe a remote code execution vulnerability in the JavaScript engine/memory handling path used by Microsoft Edge and the ChakraCore engine (Scripting Engine Memory Corruption). The advisories identify exploitation via memory corruption in object handling, affecting Edge/Cha...
CVE-2012-4792
CVE-2012-4792 is a use-after-free vulnerability in Microsoft Internet Explorer 6–8 that allows remote code execution when a crafted website triggers access to an object (not properly allocated or deleted), exemplified by a CDwnBindInfo object. The issue has been exploited in the wild (Dec 2012). ...
CVE-2014-4108
Microsoft Internet Explorer 6–11 is the context for CVE-2014-4108 and related advisories. Connected documents describe multiple use-after-free vulnerabilities in IE components (e.g., CAttrArray, CFieldSetLayout, CTableCell, CDataBindTask, CMarkup, CGeneratedTreeNode, etc.) that enable remote code...
CVE-2017-0238
CVE-2017-0238 is linked to memory-corruption in the JavaScript engine used by Microsoft Edge/ChakraCore. The connected advisories describe a remote code execution path when handling in-memory objects, affecting Edge/ChakraCore. Mitigation guidance in the docs points to applying Security Updates t...
CVE-2020-0673
CVE-2020-0673 is a remote code execution vulnerability in Internet Explorer’s scripting engine related to memory handling for objects. The underlying issue is a memory corruption flaw that can be triggered via crafted objects, leading to arbitrary code execution on affected systems. The CVSS 3.1 ...
CVE-2013-1308
Technical details for CVE-2013-1308 are not publicly provided in the supplied documents. Monitor for updates from official advisories and vulnerability catalogs.