CVE-2015-1743Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft Internet Explorer

CWE-367Time-of-check Time-of-use (TOCTOU) Race ConditionCWE-362Race Condition7 documents4 sources
Severity
6.8MEDIUMNVD
NVD5.1
EPSS
9.8%
top 7.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedJun 10
Latest updateMay 14

Description

Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1748.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages1 packages

NVDmicrosoft/internet_explorer5 versions+4

Patches

Patch: docs.microsoft.comPatch: docs.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-4486-4c28-44r7: Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privil2022-05-14
GHSA
GHSA-c788-rmfv-wwr2: Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privil2022-05-14

🕵️Threat Intelligence

1
Zscaler
Zscaler detects IE & MS Office Vulnerabilities | 06-09-2015

📐Framework References

2
CWE
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2015-1743 — Microsoft vulnerability | cvebase