CVE-2015-0050
published 2015-02-11CVE-2015-0050: Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site…
PriorityP261critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
33.46%
98.2th percentile
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-8967 and CVE-2015-0044.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Trigger involves a crafted DOM structure with a float:left element containing a complex element styled with 'float:left; width:100%' and a ':first-line { clear:left }' pseudo-element, combined with nested position:fixed, position:relative, table, and unknown elements, followed by a dynamic class attribute change via setAttribute to provoke the out-of-bounds read in MSHTML SRunPointer::SpanQualifier/RunType ↗
- ·The PoC as published only demonstrates an out-of-bounds read (crash/DoS); it does not include a working RCE payload, so in-the-wild exploitation for code execution would require additional heap-shaping/shellcode not present in this sample ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-c5mx-wjfq-4fg6: Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted w
ghsa_unreviewed·2022-05-14·CVSS 6.8
CVE-2015-0044 [MEDIUM] GHSA-c5mx-wjfq-4fg6: Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted w
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-8967 and CVE-2015-0050.
GHSA
GHSA-2cmm-c784-724v: Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted w
ghsa_unreviewed·2022-05-14·CVSS 6.8
CVE-2015-0050 [MEDIUM] GHSA-2cmm-c784-724v: Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted w
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-8967 and CVE-2015-0044.
No detection rules found.
http://blog.skylined.nl/20161122001.htmlhttp://seclists.org/fulldisclosure/2016/Nov/135http://www.securityfocus.com/archive/1/539808/100/0/threadedhttp://www.securityfocus.com/bid/72419http://www.securitytracker.com/id/1031723https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009https://www.exploit-db.com/exploits/40841/http://blog.skylined.nl/20161122001.htmlhttp://seclists.org/fulldisclosure/2016/Nov/135http://www.securityfocus.com/archive/1/539808/100/0/threadedhttp://www.securityfocus.com/bid/72419http://www.securitytracker.com/id/1031723https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009https://www.exploit-db.com/exploits/40841/
2015-02-11
Published