CVE-2015-0040
published 2015-02-11

Priority: P261, critical, 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 30.04% (98.0th percentile)
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0018, CVE-2015-0037, and CVE-2015-0066.

Affected

1 range
Vendor | Product | Version range | Fixed in
microsoft | internet_explorer | |

Detection & IOCs (extracted from sources)

  • Exploit pattern involves creating a container element with children in the order: map, applet, map — then appending to the DOM document to trigger the vulnerable readystatechange interrupt sequence.
  • After the use-after-free is triggered, freed CMapElement memory (size ~0x190 bytes per video element) is reclaimed by allocating and discarding video elements in a loop to force MemoryProtect to release the object; monitor for mass video element creation in IE11 JavaScript.
  • Disabling JavaScript in Internet Explorer 11 prevents an attacker from triggering the vulnerable code path for CVE-2015-0040 / MS15-009.
  • The researcher was unable to prove full exploitability beyond reasonable doubt; the linked list corruption and use-after-free were demonstrated but a complete weaponized exploit chain was not confirmed.
  • Other CElement::Notify implementations for various element types may also be vulnerable to the same reentrancy issue, but were not exhaustively reverse-engineered.
  • The NVD source document is for CVE-2015-0066, not CVE-2015-0040; CVE-2015-0040 is only referenced as a related but distinct vulnerability in that entry.