CVE-2015-2372

CWE-119Buffer Overflow4 documents4 sources
Severity
9.3CRITICAL
EPSS
16.3%
top 5.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Vbscript
Timeline
PublishedJul 14
Latest updateMay 14

Description

vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/vbscript5.6, 5.7, 5.8+2

🔴Vulnerability Details

2
GHSA
GHSA-r4mg-h5r6-8pcg: vbscript2022-05-14
CVEList
CVE-2015-2372: vbscript2015-07-14

💬Community

1
Bugzilla
CVE-2015-3201 thermostat: world-readable configuration file containing credentials2015-05-15
CVE-2015-2372 (CRITICAL CVSS 9.3) | vbscript.dll in Microsoft VBScript | cvebase.io