CVE-2015-1743
published 2015-06-10CVE-2015-1743: Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege…
PriorityP433medium5.1CVSS 2.0
AVNACHAuNCPIPAP
EPSS
13.74%
96.0th percentile
Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1748.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-4486-4c28-44r7: Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privil
ghsa_unreviewed·2022-05-14·CVSS 5.1
CVE-2015-1748 [MEDIUM] GHSA-4486-4c28-44r7: Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privil
Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1743.
GHSA
GHSA-c788-rmfv-wwr2: Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privil
ghsa_unreviewed·2022-05-14·CVSS 6.8
CVE-2015-1743 [MEDIUM] CWE-367 GHSA-c788-rmfv-wwr2: Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privil
Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1748.
No detection rules found.
No public exploits indexed.
CWE
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
mitre_cwe
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
A race condition occurs within concurrent environments, and it is effectively a property of a code sequence. Depending on the context, a code sequence may be in the form of a function call, a small number of instructions, a series of program invocations, etc. A race condition violates these properties, which are closely related: Exclusivity - the code sequence is given exclusive access to the shared resource, i.e., no other code sequence can modify properties
CWE
Time-of-check Time-of-use (TOCTOU) Race Condition
mitre_cwe
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
Modes of Introduction:
Phase: Implementation
Note: This weakness can be security-relevant when an attacker can influence the state of the resource between check and use. This can happen with shared resources such as files, memory, or even variables in multithreaded programs.
Common Consequences:
Scope: Integrity, Other. Impact: Alter Execution Logic, Unexpected State. The attacker can gain access to otherwise unauthorized resources.
Scope: Integrity, Other. Impact: Modify Application Data, Modify Files or Directories, Modify Memory, Other. Rac
http://www.securityfocus.com/bid/74996http://www.securitytracker.com/id/1032521http://www.zerodayinitiative.com/advisories/ZDI-15-377https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056http://www.securityfocus.com/bid/74996http://www.securitytracker.com/id/1032521http://www.zerodayinitiative.com/advisories/ZDI-15-377https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056
2015-06-10
Published