⚠ Actively exploited

Added to CISA KEV on 2022-05-25. Federal agencies required to patch by 2022-06-15. Required action: Apply updates per vendor instructions..

CVE-2015-0071 — Microsoft Internet Explorer vulnerability

CWE-2645 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

37.0%

top 2.83%

CISA KEV

KEV

Added 2022-05-25

Due 2022-06-15

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Internet Explorer

Timeline

PublishedFeb 11

KEV addedMay 25

KEV dueJun 15

CISA Required Action: Apply updates per vendor instructions.

Description

Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer10, 11, 9+2

Patches

Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-p3rr-qc23-wf57: Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explore↗2022-05-14

▶

VulnCheck

Microsoft Internet Explorer ASLR Bypass Vulnerability↗2015

▶

📋Vendor Advisories

CISA

Microsoft Internet Explorer ASLR Bypass Vulnerability↗2022-05-25

▶

🕵️Threat Intelligence

Zscaler

Zscaler detects IE & MS Office Vulnerabilities | 02-10-2015↗

▶