Security bypass in Microsoft Internet Explorer - CVE-2015-0071
Published: February 7, 2017 / Updated: May 25, 2022
Vulnerability identifier: #VU5650
CSH Severity: Critical
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: CVE-2015-0071
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vendor: Microsoft
Affected software:
Microsoft Internet Explorer
Microsoft Internet Explorer
Detailed vulnerability description
The vulnerabiity allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to failure to use Address Space Layout Randomization (ASLR). A remote attacker can create a specially crafted Web site, trick the victim into visiting it, bypass ASLR mechanism and predict memory locations that if connected with another vulnerability allows to execute arbitrary code.
Successful exploitation of this vulnerability results in security bypass on the vulnerable system.
Note: the vulnerability was being actively exploited.
The weakness exists due to failure to use Address Space Layout Randomization (ASLR). A remote attacker can create a specially crafted Web site, trick the victim into visiting it, bypass ASLR mechanism and predict memory locations that if connected with another vulnerability allows to execute arbitrary code.
Successful exploitation of this vulnerability results in security bypass on the vulnerable system.
Note: the vulnerability was being actively exploited.
How to mitigate CVE-2015-0071
Install update from vendor's website.