CVE-2015-0071

CVSS 6.5 MEDIUMEPSS 33.6%● KEV

In short

Internet Explorer versions 9 through 11 have a vulnerability that allows attackers to bypass ASLR (a security feature that randomizes memory locations) by tricking users into visiting a malicious website. This makes it easier for attackers to exploit other vulnerabilities in the browser.

Technical detail

The vulnerability enables circumvention of Address Space Layout Randomization (ASLR) through a remote attack vector involving a crafted web site. An attacker must convince a user to visit the malicious site; successful exploitation exposes the randomized memory layout, facilitating downstream code execution attacks against Internet Explorer 9-11.

Summary generated and translated by AI from the official description.

Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-0071 http://www.securityfocus.com/bid/72455 http://www.securitytracker.com/id/1031723