← back
CVE-2015-2419

CVE-2015-2419

CVSS 8.8 HIGHEPSS 44.5%● KEVCWE-787
In short

A vulnerability in Internet Explorer's JScript 9 engine allows attackers to execute malicious code or crash the browser by visiting a specially crafted website. This happens because the browser doesn't properly handle memory, making it susceptible to corruption attacks.

Technical detail

JScript 9 in IE 10 and 11 contains an out-of-bounds write vulnerability (CWE-787) triggered via malicious JavaScript in a web page, leading to arbitrary code execution or denial of service through memory corruption. The attack requires user interaction (visiting a crafted site) but no authentication or special preconditions.

Summary generated and translated by AI from the official description.
JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "JScript9 Memory Corruption Vulnerability."
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/44743unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-065https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-2419http://www.securitytracker.com/id/1032894