cbcvebase.
CVE-2015-2419
published 2015-07-14

CVE-2015-2419: JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a…

PriorityP189high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
KEVITWEXPLOITRansomware
CISA Known Exploited Vulnerabilitydue 2022-04-18
Exploited in the wild
EPSS
44.54%
98.6th percentile
JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "JScript9 Memory Corruption Vulnerability."

Affected

2 ranges
VendorProductVersion rangeFixed in
microsoftinternet_explorer
microsoftinternet_explorer

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2015-2419 (JScript9 Memory Corruption) was integrated into Angler Exploit Kit by August 2015; detect Angler EK traffic patterns targeting Internet Explorer 10/11 to identify exploitation attempts.
  • CVE-2015-2419 was among the top vulnerabilities leveraged by exploit kits in 2015; prioritize detection of drive-by download activity targeting IE 10/11 via malvertising or compromised web pages.
  • POC exploit code for CVE-2015-2419 was observed for sale on criminal forums as late as May 2016, indicating continued adversary interest; monitor for exploit kit traffic from unpatched IE 10/11 hosts.
  • Angler EK uses a fileless infection technique executing payload from memory; post-infection follow-up malware (e.g., CryptXXX, Bedep) must be stored on disk for persistence — monitor for unexpected child processes of iexplore.exe and in-memory execution anomalies.
  • ·No specific hashes, domains, IPs, or YARA/Sigma/Snort rules for CVE-2015-2419 were present in the source documents; all IOC fields are empty as a result.

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck8.8HIGH
cisa8.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.