CVE-2015-0023
published 2015-02-11
CVE-2015-0023: Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka…
Priority P349 · critical · CVSS 2.0: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
EPSS: 16.58% (96.6th percentile)
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0025.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
GHSA
GHSA-x72v-qfmw-qxf3: Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web si
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2015-0023 [CRITICAL] GHSA-x72v-qfmw-qxf3: Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web si
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0025.
GHSA
GHSA-2c6r-5j5c-mjw4: Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web si
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2015-0025 [CRITICAL] GHSA-2c6r-5j5c-mjw4: Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web si
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0023.
No detection rules found.
Exploit-DB
Microsoft Office 2007 - Malformed Document Stack Buffer Overflow
exploitdb·2015-08-25
CVE-2015-0064 Microsoft Office 2007 - Malformed Document Stack Buffer Overflow
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=170&can=1
The following access violation was observed in Microsoft Office 2007
(Word document):
```
(e24.e28): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=0583a748 ebx=00eb4684 ecx=003ad1a3 edx=00000000 esi=049860bc edi=00122238
eip=7814500a esp=001221e0 ebp=001221e8 iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010212
MSVCR80!memcpy+0x5a:
7814500a f3a5 rep movsd ds:049860bc=???????? es:00122238=3348bcd8
0:000> k
ChildEBP RetAddr
001221e8 31249c0e MSVCR80!memcpy+0x5a
00122204 3126a371 wwlib!
```
Exploit-DB
Microsoft Office 2007 - OneTableDocumentStream Invalid Object
exploitdb·2015-08-25
CVE-2015-0065 Microsoft Office 2007 - OneTableDocumentStream Invalid Object
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=171&can=1
The following access violation was observed in Microsoft Office 2007
(Word document):
```
(8c0.e68): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=0012dcf8 ebx=40000000 ecx=40000000 edx=0012de1c esi=40000000 edi=011f1400
eip=32881800 esp=0012d010 ebp=0012d038 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010206
mso!Ordinal7799+0x2fc:
32881800 0fb74614 movzx eax,word ptr [esi+0x14] ds:0023:40000014=????
0:000> k
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following
```
Exploit-DB
Adobe Flash - '.SWF' Out-of-Bounds Memory Read (1)
exploitdb·2015-08-19
CVE-2015-5131 Adobe Flash - '.SWF' Out-of-Bounds Memory Read (1)
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=361&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id
The following access violation was observed in the Adobe Flash Player plugin:
```
(150c.ca0): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for FlashPlayer.exe -
eax=078a53b7 ebx=00f28938 ecx=002dea24 edx=000085ed esi=000085ee edi=09d9eee0
eip=0139a657 esp=002de9b4 ebp=002deda4 iopl=0 nv up ei ng nz ac pe cy
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00210297
FlashPlayer!WinMainSandboxed+0x572f0:
```
Exploit-DB
Adobe Flash - URL Resource Use-After-Free
exploitdb·2015-08-19
CVE-2015-4430 Adobe Flash - URL Resource Use-After-Free
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=410&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id
The following crash was observed in Flash Player 17.0.0.188 on Windows:
```
(81c.854): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=37397006 ebx=00000000 ecx=008c0493 edx=09f390d0 esi=08c24d98 edi=09dc2000
eip=07a218cb esp=015eda80 ebp=015edb24 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00050216
Flash32_17_0_0_188+0x18cb:
07a218cb ff6004 jmp dword ptr [eax+0x4] ds:0023:3739700a=????????
```
- The test case reproduces on Windows 7 using IE11. I
Exploit-DB
Adobe Flash - '.SWF' Out-of-Bounds Memory Read (2)
exploitdb·2015-08-19
CVE-2015-5132 Adobe Flash - '.SWF' Out-of-Bounds Memory Read (2)
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=362&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id
The following access violation was observed in the Adobe Flash Player plugin:
```
(1dec.1af0): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for FlashPlayer.exe -
eax=00006261 ebx=00001501 ecx=010ae1e4 edx=00006262 esi=0736dda0 edi=05a860d0
eip=0044ae55 esp=010ae170 ebp=010ae564 iopl=0 nv up ei ng nz ac pe cy
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00210297
FlashPlayer!WinMainSandboxed+0x57aee:
```
Exploit-DB
Adobe Flash - Out-of-Bounds Memory Read While Parsing a Mutated '.TTF' File Embedded in SWF
exploitdb·2015-08-19
CVE-2015-5133 Adobe Flash - Out-of-Bounds Memory Read While Parsing a Mutated '.TTF' File Embedded in SWF
---
Source: https://code.google.com/p/google-security-research/issues/detail?id=363&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id
The following access violation was observed in the Adobe Flash Player plugin:
```
(1ba8.1c60): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for FlashPlayer.exe -
eax=0004c800 ebx=00000000 ecx=08982000 edx=00002588 esi=00001200 edi=0042d46c
eip=017723c0 esp=0042d278 ebp=0042d3c4 iopl=0 nv up ei pl nz na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00210
```
Exploit-DB
Microsoft Windows - Automatic .LNK Shortcut File Code Execution
exploitdb·2010-07-18
CVE-2015-0096 Microsoft Windows - Automatic .LNK Shortcut File Code Execution
---
From: http://www.ivanlef0u.tuxfamily.org/?p=411
1. Unzip the files in 'C: \'. Start a DbgView or paste a KD to your VM.
2. Rename 'suckme.lnk_' to 'suckme.lnk' and let the magic do the rest of shell32.dll.
3. Look at your logs.
http://ivanlef0u.nibbles.fr/repo/suckme.rar
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/14403.rar (suckme.rar)
Tested under XP SP3.
```
kd> g
Breakpoint 1 hit
eax=00000001 ebx=00f5ee7c ecx=0000c666 edx=00200003 esi=00000001 edi=7c80a6e4
eip=7ca78712 esp=00f5e9c4 ebp=00f5ec18 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
SHELL32!_LoadCPLModule+0x10d:
001b:7ca78712 ff15a0159d7c call dword ptr [SHELL32!_imp__LoadLibrar
```
http://www.securityfocus.com/bid/72438
http://www.securitytracker.com/id/1031723
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009
https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1090
2015-02-11
Published