CVE-2015-2425

CVSS 8.8 HIGHEPSS 44.9%● KEVCWE-787

In short

Internet Explorer 11 can crash or run malicious code when you visit a specially crafted website. This happens because the browser doesn't properly handle memory, allowing attackers to take control of your computer.

Technical detail

CVE-2015-2425 is a heap-based buffer overflow (CWE-787) in Internet Explorer 11's memory management. Remote attackers can trigger arbitrary code execution or denial of service by hosting a malicious webpage that the victim visits; no user interaction beyond visiting the site is required, and the vulnerability affects the browser's core rendering engine.

Summary generated and translated by AI from the official description.

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2383 and CVE-2015-2384.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-065 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-2425 http://www.securitytracker.com/id/1032894