cbcvebase.
CVE-2015-0050
published 2015-02-11

CVE-2015-0050: Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site…

PriorityP261critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
33.46%
98.2th percentile
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-8967 and CVE-2015-0044.

Affected

2 ranges
VendorProductVersion rangeFixed in
microsoftinternet_explorer
microsoftinternet_explorer

Detection & IOCsextracted from sources · hover to see the quote

  • Trigger involves a crafted DOM structure with a float:left element containing a complex element styled with 'float:left; width:100%' and a ':first-line { clear:left }' pseudo-element, combined with nested position:fixed, position:relative, table, and unknown elements, followed by a dynamic class attribute change via setAttribute to provoke the out-of-bounds read in MSHTML SRunPointer::SpanQualifier/RunType
  • ·The PoC as published only demonstrates an out-of-bounds read (crash/DoS); it does not include a working RCE payload, so in-the-wild exploitation for code execution would require additional heap-shaping/shellcode not present in this sample
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.