CVE-2015-0071
published 2015-02-11CVE-2015-0071: Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR…
PriorityP276medium6.5CVSS 3.1
AVNACLPRNUIRSUCNIHAN
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-06-15
Exploited in the wild
EPSS
33.58%
98.2th percentile
Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability targets Microsoft Internet Explorer versions 9 through 11, exploited via a crafted web site to bypass ASLR protection mechanism ↗
- ·No specific exploit payload, hash, domain, IP, or other concrete IOC was disclosed in the available sources. Detection should focus on patch status of Internet Explorer 9–11 and monitoring for ASLR bypass behaviors in browser processes. ↗
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
vulncheck6.5MEDIUM
cisa6.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-p3rr-qc23-wf57: Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explore
ghsa_unreviewed·2022-05-14
CVE-2015-0071 [MEDIUM] GHSA-p3rr-qc23-wf57: Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explore
Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."
VulnCheck
Microsoft Internet Explorer ASLR Bypass Vulnerability
vulncheck·2015·CVSS 6.5
CVE-2015-0071 [MEDIUM] CWE-264 Microsoft Internet Explorer ASLR Bypass Vulnerability
Microsoft Internet Explorer ASLR Bypass Vulnerability
Microsoft Internet Explorer allows remote attackers to bypass the address space layout randomization (ASLR) protection mechanism via a crafted web site.
Affected: Microsoft Internet Explorer
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://web.archive.org/web/20150213004519/http://www.isightpartners.com/2015/02/codoso/; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-06-15
CISA
Microsoft Internet Explorer ASLR Bypass Vulnerability
cisa·2022-05-25·CVSS 6.5
CVE-2015-0071 [MEDIUM] CWE-264 Microsoft Internet Explorer ASLR Bypass Vulnerability
Vulnerability: Microsoft Internet Explorer ASLR Bypass Vulnerability
Affected: Microsoft Internet Explorer
Microsoft Internet Explorer allows remote attackers to bypass the address space layout randomization (ASLR) protection mechanism via a crafted web site.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2015-0071
Remediation Due Date: 2022-06-15
No detection rules found.
No public exploits indexed.
http://www.securityfocus.com/bid/72455http://www.securitytracker.com/id/1031723https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009http://www.securityfocus.com/bid/72455http://www.securitytracker.com/id/1031723https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-0071
2015-02-11
Published
2022-05-25
Added to CISA KEV
Exploited in the wild