Multiple vulnerabilities in Microsoft Internet Explorer



Published: 2015-07-14 | Updated: 2017-01-31
Risk Critical
Patch available YES
Number of vulnerabilities 29
CVE-ID CVE-2015-2421
CVE-2015-2410
CVE-2015-2412
CVE-2015-2413
CVE-2015-2414
CVE-2015-2422
CVE-2015-2419
CVE-2015-2411
CVE-2015-2408
CVE-2015-2406
CVE-2015-2404
CVE-2015-2402
CVE-2015-2403
CVE-2015-2401
CVE-2015-2398
CVE-2015-2397
CVE-2015-2391
CVE-2015-2390
CVE-2015-2389
CVE-2015-2388
CVE-2015-2385
CVE-2015-2384
CVE-2015-2383
CVE-2015-1767
CVE-2015-2372
CVE-2015-1738
CVE-2015-1733
CVE-2015-1729
CVE-2015-2425
CWE-ID CWE-264
CWE-200
CWE-119
CWE-79
Exploitation vector Network
Public exploit Vulnerability #7 is being exploited in the wild.
Vulnerability #29 is being exploited in the wild.
Vulnerable software
Subscribe
Microsoft Internet Explorer
Client/Desktop applications / Web browsers

Vendor Microsoft

Security Bulletin

This security bulletin contains information about 29 vulnerabilities.

1) Security bypass

EUVDB-ID: #VU5538

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2015-2421

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerabiity allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to failure to use Address Space Layout Randomization. A remote attacker can create a specially crafted Web site, trick the victim into visiting, bypass ASLR mechanism and obtain potentially sensitive information.

Successful exploitation of this vulnerability results in security bypass on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 6 - 11


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-065.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

2) Information disclosure

EUVDB-ID: #VU5537

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2015-2410

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerabiity allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to improper handling of requests from external stylesheets. A remote attacker can create a specially crafted Web site, trick the victim into visiting it and determine specific files on the system.

Successful exploitation of this vulnerability results in information disclosure on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 6 - 11


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-065.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

3) Information disclosure

EUVDB-ID: #VU5536

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2015-2412

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerabiity allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to improper validation of file paths. A remote attacker can create a specially crafted Web site, trick the victim into visiting it and view content from arbitrary files on the system.

Successful exploitation of this vulnerability results in information disclosure on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 10 - 11


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-065.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

4) Information disclosure

EUVDB-ID: #VU5535

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2015-2413

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerabiity allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to improper handling of module resource requests. A remote attacker can create a specially crafted Web site, trick the victim into visiting it and determine specific files on the system..

Successful exploitation of this vulnerability results in information disclosure on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 6 - 11


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-065.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

5) Information disclosure

EUVDB-ID: #VU5534

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2015-2414

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerabiity allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to improper handling of cached image information. A remote attacker can create a specially crafted Web site, trick the victim into visiting it and determine the victim's browsing history.

Successful exploitation of this vulnerability results in information disclosure on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 8 - 11


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-065.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

6) Memory corruption

EUVDB-ID: #VU5533

Risk: High

CVSSv3.1:

CVE-ID: CVE-2015-2422

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 6 - 11


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-065.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

7) Memory corruption

EUVDB-ID: #VU5532

Risk: High

CVSSv3.1:

CVE-ID: CVE-2015-2419

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in JScript engine. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 10 - 11


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-065.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

8) Memory corruption

EUVDB-ID: #VU5531

Risk: High

CVSSv3.1:

CVE-ID: CVE-2015-2411

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 10 - 11


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-065.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

9) Memory corruption

EUVDB-ID: #VU5530

Risk: High

CVSSv3.1:

CVE-ID: CVE-2015-2408

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 9 - 11


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-065.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

10) Memory corruption

EUVDB-ID: #VU5529

Risk: High

CVSSv3.1:

CVE-ID: CVE-2015-2406

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 6 - 11


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-065.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

11) Memory corruption

EUVDB-ID: #VU5528

Risk: High

CVSSv3.1:

CVE-ID: CVE-2015-2404

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 6 - 11


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-065.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

12) Privilege escalation

EUVDB-ID: #VU5527

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2015-2402

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to improper validation of permissions. A remote attacker can create a specially crafted file, trick the victim into opening it and run script with privileges of the current user.

Successful exploitation of the vulnerability results in privilege escalation on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 7 - 11


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-065.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

13) Memory corruption

EUVDB-ID: #VU5526

Risk: High

CVSSv3.1:

CVE-ID: CVE-2015-2403

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 8


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-065.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

14) Memory corruption

EUVDB-ID: #VU5525

Risk: High

CVSSv3.1:

CVE-ID: CVE-2015-2401

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 9 - 11


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-065.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

15) Cross-Site Scripting

EUVDB-ID: #VU5524

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2015-2398

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-input. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user’s browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 8 - 11


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-065.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

16) Memory corruption

EUVDB-ID: #VU5523

Risk: High

CVSSv3.1:

CVE-ID: CVE-2015-2397

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 6 - 11


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-065.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

17) Memory corruption

EUVDB-ID: #VU5522

Risk: High

CVSSv3.1:

CVE-ID: CVE-2015-2391

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 9


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-065.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

18) Memory corruption

EUVDB-ID: #VU5521

Risk: High

CVSSv3.1:

CVE-ID: CVE-2015-2390

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 6 - 11


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-065.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

19) Memory corruption

EUVDB-ID: #VU5520

Risk: High

CVSSv3.1:

CVE-ID: CVE-2015-2389

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 10 - 11


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-065.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

20) Memory corruption

EUVDB-ID: #VU5519

Risk: High

CVSSv3.1:

CVE-ID: CVE-2015-2388

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 8 - 9


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-065.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

21) Memory corruption

EUVDB-ID: #VU5518

Risk: High

CVSSv3.1:

CVE-ID: CVE-2015-2385

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 6 - 11


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-065.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

22) Memory corruption

EUVDB-ID: #VU5517

Risk: High

CVSSv3.1:

CVE-ID: CVE-2015-2384

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 11


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-065.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

23) Memory corruption

EUVDB-ID: #VU5516

Risk: High

CVSSv3.1:

CVE-ID: CVE-2015-2383

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 11


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-065.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

24) Memory corruption

EUVDB-ID: #VU5515

Risk: High

CVSSv3.1:

CVE-ID: CVE-2015-1767

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 9 - 11


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-065.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

25) Memory corruption

EUVDB-ID: #VU5514

Risk: High

CVSSv3.1:

CVE-ID: CVE-2015-2372

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 6 - 11


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-065.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

26) Memory corruption

EUVDB-ID: #VU5513

Risk: High

CVSSv3.1:

CVE-ID: CVE-2015-1738

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 8 - 9


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-065.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

27) Memory corruption

EUVDB-ID: #VU5512

Risk: High

CVSSv3.1:

CVE-ID: CVE-2015-1733

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 8 - 11


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-065.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

28) Information disclosure

EUVDB-ID: #VU5511

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2015-1729

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerabiity allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to the failure to properly enforce cross-domain policies. A remote attacker can create a specially crafted Web site, trick the victim into visiting it and view content from another domain or Internet Explorer zone.

Successful exploitation of this vulnerability results in information disclosure on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 9 - 11


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-065.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

29) Memory corruption

EUVDB-ID: #VU5507

Risk: Critical

CVSSv3.1:

CVE-ID: CVE-2015-2425

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft Internet Explorer: 11


CPE2.3 External links

http://technet.microsoft.com/en-us/library/security/ms15-065.aspx

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###