The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Microsoft Internet Explorer

threat alert CVE-2015-5569 CVE-2015-7625 CVE-2015-7626

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 21.
Creation date: 13/10/2015.
Identifiers: 2755801, APSB15-25, CERTFR-2015-AVI-428, CVE-2015-5569, CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7628, CVE-2015-7629, CVE-2015-7630, CVE-2015-7631, CVE-2015-7632, CVE-2015-7633, CVE-2015-7634, CVE-2015-7635, CVE-2015-7636, CVE-2015-7637, CVE-2015-7638, CVE-2015-7639, CVE-2015-7640, CVE-2015-7641, CVE-2015-7642, CVE-2015-7643, CVE-2015-7644, openSUSE-SU-2015:1744-1, openSUSE-SU-2015:1781-1, RHSA-2015:1893-01, RHSA-2015:2024-01, SUSE-SU-2015:1740-1, SUSE-SU-2015:1742-1, VIGILANCE-VUL-18085, ZDI-15-511, ZDI-15-512, ZDI-15-513, ZDI-15-514.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2015-7628]

An attacker can bypass security features in Flash broker API, in order to escalate his privileges. [severity:1/4; CVE-2015-5569]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7629, ZDI-15-514]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7631, ZDI-15-513]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7635]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7636]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7637]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7638]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7639]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7640]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7641]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7642]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7643, ZDI-15-511]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7644]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7632, ZDI-15-512]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7625]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7626]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7627]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7630]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7633]

An attacker can force a NULL pointer to be dereferenced, in order to trigger a denial of service. [severity:1/4; CVE-2015-7634]

security threat 17985

HTTPS: Cookie injection

Synthesis of the vulnerability

An attacker can inject a cookie in an HTTPS (HTTP+TLS) session, in order to alter the behavior of the web service, if it is not designed to handle unexpected cookies.
Severity: 1/4.
Creation date: 25/09/2015.
Identifiers: VIGILANCE-VUL-17985, VU#804060.

Description of the vulnerability

Cookies (RFC 6265) are additional HTTP headers set by web servers, and then returned by the client when it accesses the same web server again.

However, RFC 6265 does not require web browsers to return a cookie only over the same channel it came from. So:
 - the http://example.com/ site (or an attacker spoofing this server) can set a cookie, which will be sent to http://other.example.com/ and https://other.example.com/
 - the http://www.example.com/ site (or an attacker spoofing this server) can set a cookie with the "secure" flag, which will be sent to https://www.example.com/

An attacker can therefore inject a cookie in an HTTPS (HTTP+TLS) session, in order to alter the behavior of the web service, if it is not designed to handle unexpected cookies.

computer vulnerability announce CVE-2015-5567 CVE-2015-5568 CVE-2015-5570

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 23.
Creation date: 22/09/2015.
Identifiers: 2755801, 451, APSB15-23, CERTFR-2015-AVI-404, CVE-2015-5567, CVE-2015-5568, CVE-2015-5570, CVE-2015-5571, CVE-2015-5572, CVE-2015-5573, CVE-2015-5574, CVE-2015-5575, CVE-2015-5576, CVE-2015-5577, CVE-2015-5578, CVE-2015-5579, CVE-2015-5580, CVE-2015-5581, CVE-2015-5582, CVE-2015-5584, CVE-2015-5587, CVE-2015-5588, CVE-2015-6676, CVE-2015-6677, CVE-2015-6678, CVE-2015-6679, CVE-2015-6682, openSUSE-SU-2015:1616-1, openSUSE-SU-2015:1781-1, RHSA-2015:1814-01, SUSE-SU-2015:1614-1, SUSE-SU-2015:1618-1, VIGILANCE-VUL-17945, ZDI-15-446, ZDI-15-447.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5573]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5570, ZDI-15-447]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5574]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5581]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5584]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-6682]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-6676]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-6678, ZDI-15-446]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5575]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5577]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5578]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5580]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5582]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5588]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-6677]

An attacker can use a vulnerability in JSONP Callback API, in order to run code. [severity:3/4; CVE-2015-5571]

An attacker can create a memory leak, in order to trigger a denial of service. [severity:2/4; CVE-2015-5576]

An attacker can use a vulnerability in Vector Length Corruption, in order to run code. [severity:4/4; CVE-2015-5568]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5567]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5579]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5587]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2015-5572]

An attacker can bypass security features in same-origin-policy, in order to obtain sensitive information. [severity:2/4; CVE-2015-6679]

vulnerability note CVE-2015-2483 CVE-2015-2484 CVE-2015-2485

Internet Explorer: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Internet Explorer.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 17.
Creation date: 08/09/2015.
Identifiers: 3089548, CERTFR-2015-AVI-383, CVE-2015-2483, CVE-2015-2484, CVE-2015-2485, CVE-2015-2486, CVE-2015-2487, CVE-2015-2489, CVE-2015-2490, CVE-2015-2491, CVE-2015-2492, CVE-2015-2493, CVE-2015-2494, CVE-2015-2498, CVE-2015-2499, CVE-2015-2500, CVE-2015-2501, CVE-2015-2541, CVE-2015-2542, MS15-094, VIGILANCE-VUL-17840, ZDI-15-420, ZDI-15-421, ZDI-15-422, ZDI-15-423, ZDI-15-424, ZDI-15-425, ZDI-15-426, ZDI-15-427, ZDI-15-428.

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2015-2483]

An attacker can delete a file, in order to trigger a denial of service. [severity:3/4; CVE-2015-2484]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2485, ZDI-15-421]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2486, ZDI-15-422]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2487, ZDI-15-420]

An attacker can bypass security features, in order to escalate his privileges. [severity:3/4; CVE-2015-2489, ZDI-15-423]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2490]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2491]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2492]

An attacker can generate a memory corruption in Scripting Engine, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2493]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2494]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2498, ZDI-15-424]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2499, ZDI-15-425]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2500, ZDI-15-426]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2501, ZDI-15-427]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2541, ZDI-15-428]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2542]

security weakness CVE-2015-2502

Internet Explorer: memory corruption

Synthesis of the vulnerability

An attacker can invite the victim to visit a malicious web site, to generate a memory corruption in Internet Explorer, in order to trigger a denial of service, and possibly to run code.
Severity: 4/4.
Creation date: 19/08/2015.
Identifiers: 3088903, CERTFR-2015-AVI-358, CVE-2015-2502, MS15-093, VIGILANCE-VUL-17712.

Description of the vulnerability

The Internet Explorer product displays web documents.

However, a malformed document corrupts Internet Explorer memory.

An attacker can therefore invite the victim to visit a malicious web site, to generate a memory corruption in Internet Explorer, in order to trigger a denial of service, and possibly to run code.

cybersecurity threat CVE-2015-2423 CVE-2015-2441 CVE-2015-2442

Internet Explorer: thirteen vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Internet Explorer.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 13.
Creation date: 11/08/2015.
Identifiers: 3082442, BFS-SA-2015-001, CERTFR-2015-AVI-333, CERTFR-2015-AVI-342, CVE-2015-2423, CVE-2015-2441, CVE-2015-2442, CVE-2015-2443, CVE-2015-2444, CVE-2015-2445, CVE-2015-2446, CVE-2015-2447, CVE-2015-2448, CVE-2015-2449, CVE-2015-2450, CVE-2015-2451, CVE-2015-2452, MS15-079, VIGILANCE-VUL-17625, ZDI-15-382, ZDI-15-383, ZDI-15-384, ZDI-15-385, ZDI-15-389.

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2441]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2442]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2443, ZDI-15-382]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; BFS-SA-2015-001, CVE-2015-2444]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2446]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2447]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2448, ZDI-15-383]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2450, ZDI-15-384]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2451, ZDI-15-385]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2452, ZDI-15-389]

An attacker can guess the memory layout of a Microsoft Internet Explorer process, to bypass ASLR, in order to ease the next step of the attack. [severity:2/4; CVE-2015-2445]

An attacker can guess the memory layout of a Microsoft Internet Explorer process, to bypass ASLR, in order to ease the next step of the attack. [severity:2/4; CVE-2015-2449]

An attacker can use, for example from Internet Explorer, a special command line on Windows, in order to run some programs, such as Notepad or Office (VIGILANCE-VUL-17638). [severity:2/4; CERTFR-2015-AVI-342, CVE-2015-2423]

security weakness CVE-2015-5125 CVE-2015-5127 CVE-2015-5129

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 36.
Creation date: 11/08/2015.
Identifiers: 2755801, APSB15-19, CERTFR-2015-AVI-347, CERTFR-2015-AVI-348, CVE-2015-5125, CVE-2015-5127, CVE-2015-5128-REJECT, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562, CVE-2015-5563, CVE-2015-5564, CVE-2015-5565, CVE-2015-5566, CVE-2015-6682, openSUSE-SU-2015:1388-1, openSUSE-SU-2015:1391-1, openSUSE-SU-2015:1781-1, RHSA-2015:1603-01, SUSE-SU-2015:1373-1, SUSE-SU-2015:1374-1, VIGILANCE-VUL-17624.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can force a NULL pointer to be dereferenced, in order to trigger a denial of service. After analysis, it is not a vulnerability. [severity:0/4; CVE-2015-5128-REJECT]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5554]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5555]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5558]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5562]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2015-5125]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5550]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5551]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5556]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5130]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5134]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5539]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5540]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5557]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5559]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5127]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5563]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5561]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5566]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5129]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5541]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5131]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5132]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5133]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5544]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5545]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5546]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5547]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5548]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5549]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5552]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5553]

An attacker can generate an integer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5560]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5564]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5565]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-6682]

computer vulnerability alert 17462

Internet Explorer: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Internet Explorer.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 21/07/2015.
Identifiers: VIGILANCE-VUL-17462, ZDI-15-359, ZDI-15-360, ZDI-15-361, ZDI-15-362.

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

An attacker can generate a buffer overflow in CTableLayout::AddRow, in order to trigger a denial of service, and possibly to run code. [severity:3/4; ZDI-15-359]

An attacker can force the usage of a freed memory area in CAttrArray, in order to trigger a denial of service, and possibly to run code. [severity:3/4; ZDI-15-360]

An attacker can force the usage of a freed memory area in CCurrentStyle, in order to trigger a denial of service, and possibly to run code. [severity:3/4; ZDI-15-361]

An attacker can force the usage of a freed memory area in CTreePos, in order to trigger a denial of service, and possibly to run code. [severity:3/4; ZDI-15-362]

computer vulnerability note CVE-2015-5122 CVE-2015-5123

Adobe Flash Player: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 15/07/2015.
Identifiers: 2755801, APSA15-04, APSB15-18, CERTFR-2015-ALE-006, CERTFR-2015-AVI-309, CVE-2015-5122, CVE-2015-5123, openSUSE-SU-2015:1267-1, RHSA-2015:1235-01, SUSE-SU-2015:1255-1, SUSE-SU-2015:1258-1, VIGILANCE-VUL-17370, VU#338736, VU#918568.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5122, VU#338736]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-5123, VU#918568]

computer weakness announce CVE-2015-1729 CVE-2015-1733 CVE-2015-1738

Internet Explorer: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Internet Explorer.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 29.
Creation date: 15/07/2015.
Identifiers: 3076321, CERTFR-2015-AVI-302, CVE-2015-1729, CVE-2015-1733, CVE-2015-1738, CVE-2015-1767, CVE-2015-2372, CVE-2015-2383, CVE-2015-2384, CVE-2015-2385, CVE-2015-2388, CVE-2015-2389, CVE-2015-2390, CVE-2015-2391, CVE-2015-2397, CVE-2015-2398, CVE-2015-2401, CVE-2015-2402, CVE-2015-2403, CVE-2015-2404, CVE-2015-2406, CVE-2015-2408, CVE-2015-2410, CVE-2015-2411, CVE-2015-2412, CVE-2015-2413, CVE-2015-2414, CVE-2015-2419, CVE-2015-2421, CVE-2015-2422, CVE-2015-2425, MS15-065, VIGILANCE-VUL-17354, ZDI-15-329, ZDI-15-330, ZDI-15-331, ZDI-15-332, ZDI-15-333, ZDI-15-334, ZDI-15-335, ZDI-15-336, ZDI-15-337, ZDI-15-338, ZDI-15-341, ZDI-15-342, ZDI-15-458, ZDI-15-568.

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

An attacker can generate a memory corruption in VBScript, in order to trigger a denial of service, and possibly to run code (VIGILANCE-VUL-17356). [severity:4/4; CVE-2015-2372]

An attacker can bypass the XSS Filter. [severity:2/4; CVE-2015-2398]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2015-2402, ZDI-15-342]

An attacker can generate a memory corruption in JScript9, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2419]

An attacker can guess the memory layout of a Microsoft Internet Explorer process, to bypass ASLR, in order to ease the next step of the attack. [severity:2/4; CVE-2015-2421]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-1733]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-1738]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-1767, ZDI-15-334, ZDI-15-336, ZDI-15-338, ZDI-15-568]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2383, ZDI-15-341]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2384]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2385]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2388, ZDI-15-335]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2389]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2390]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2391]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2397, ZDI-15-330, ZDI-15-337]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2401]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2403, ZDI-15-329]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2404, ZDI-15-332]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2406, ZDI-15-333]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2408, ZDI-15-458]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2411]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2422]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-2425]

An attacker can bypass security features, in order to obtain sensitive information. [severity:3/4; CVE-2015-1729]

An attacker can bypass security features, in order to obtain sensitive information. [severity:3/4; CVE-2015-2410]

An attacker can bypass security features, in order to obtain sensitive information. [severity:3/4; CVE-2015-2412, ZDI-15-331]

An attacker can bypass security features, in order to obtain sensitive information. [severity:3/4; CVE-2015-2413]

An attacker can bypass security features, in order to obtain sensitive information. [severity:3/4; CVE-2015-2414]