cbcvebase.
CVE-2015-0071
published 2015-02-11

CVE-2015-0071: Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR…

PriorityP276medium6.5CVSS 3.1
AVNACLPRNUIRSUCNIHAN
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-06-15
Exploited in the wild
EPSS
33.58%
98.2th percentile
Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."

Affected

3 ranges
VendorProductVersion rangeFixed in
microsoftinternet_explorer
microsoftinternet_explorer
microsoftinternet_explorer

Detection & IOCsextracted from sources · hover to see the quote

  • Vulnerability targets Microsoft Internet Explorer versions 9 through 11, exploited via a crafted web site to bypass ASLR protection mechanism
  • ·No specific exploit payload, hash, domain, IP, or other concrete IOC was disclosed in the available sources. Detection should focus on patch status of Internet Explorer 9–11 and monitoring for ASLR bypass behaviors in browser processes.

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
vulncheck6.5MEDIUM
cisa6.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.