Security bypass in Microsoft Internet Explorer - CVE-2015-0069
Published: February 7, 2017 / Updated: February 13, 2017
Vulnerability identifier: #VU5648
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2015-0069
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Microsoft Internet Explorer
Microsoft Internet Explorer
Detailed vulnerability description
The vulnerabiity allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to failure to use Address Space Layout Randomization (ASLR). A remote attacker can create a specially crafted Web site, trick the victim into visiting it, bypass ASLR mechanism and predict memory locations that if connected with another vulnerability allows to execute arbitrary code.
Successful exploitation of this vulnerability results in security bypass on the vulnerable system.
The weakness exists due to failure to use Address Space Layout Randomization (ASLR). A remote attacker can create a specially crafted Web site, trick the victim into visiting it, bypass ASLR mechanism and predict memory locations that if connected with another vulnerability allows to execute arbitrary code.
Successful exploitation of this vulnerability results in security bypass on the vulnerable system.
How to mitigate CVE-2015-0069
Install update from vendor's website.