CVE-2015-0055
published 2015-02-11CVE-2015-0055: Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege…
PriorityP426medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
10.64%
95.2th percentile
Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5v4r-mh28-4gj7: Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege
ghsa_unreviewed·2022-05-14
CVE-2015-0055 [MEDIUM] GHSA-5v4r-mh28-4gj7: Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege
Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."
Project0
Windows 10^H^H Symbolic Link Mitigations - Project Zero
project_zero·2015-08-01
CVE-2014-0568 Windows 10^H^H Symbolic Link Mitigations - Project Zero
Posted by James Forshaw, abusing symbolic links like it’s 1999.
For the past couple of years I’ve been researching Windows elevation of privilege attacks. This might be escaping sandboxing or gaining system privileges. One of the techniques I’ve used multiple times is abusing the symbolic link facilities of the Windows operating system to redirect privileged code to create files or registry keys to escape the restrictive execution context. Symbolic links in themselves are not vulnerabilities, instead they’re useful primitives for exploiting different classes of vulnerabilities such as resource planting or time-of-check time-of-use.
This blog post contains details of a few changes Microsoft has made to Windows 10, and now back ported (in MS15-090) as far back as Windows Vista which chan
No detection rules found.
No public exploits indexed.
Zscaler
Zscaler detects IE & MS Office Vulnerabilities | 02-10-2015
blogs_zscaler·CVSS 6.8
[MEDIUM] Zscaler detects IE & MS Office Vulnerabilities | 02-10-2015
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
Bugzilla
CVE-2015-7850 ntp: remote configuration denial of service vulnerability
bugzilla·2015-10-22·CVSS 6.5
CVE-2015-7850 [MEDIUM] CVE-2015-7850 ntp: remote configuration denial of service vulnerability
CVE-2015-7850 ntp: remote configuration denial of service vulnerability
The following flaw was found in ntpd:
An exploitable denial of service vulnerability exists in the remote configuration functionality of the Network Time Protocol. A specially crafted configuration file could cause an endless loop resulting in a denial of service. An attacker could provide a the malicious configuration file to trigger this vulnerability.
External References:
http://talosintel.com/reports/TALOS-2015-0055/
http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
Discussion:
Upstream patch:
https://github.com/ntp-project/ntp/commit/bb928ef08eec020ef6008f3a140702ccc0536b8e
---
Created ntp tracking bugs for this issue:
Affects: fedora-all [bug 1296167]
---
Closing thi
http://www.securityfocus.com/bid/72479http://www.securitytracker.com/id/1031723https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009http://www.securityfocus.com/bid/72479http://www.securitytracker.com/id/1031723https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009
2015-02-11
Published