⚠ Actively exploited
Added to CISA KEV on 2022-03-28. Federal agencies required to patch by 2022-04-18. Required action: Apply updates per vendor instructions..
CVE-2015-2419 — Out-of-bounds Write in Microsoft Internet Explorer
Severity
8.8HIGHNVD
EPSS
69.4%
top 1.34%
CISA KEV
KEV
Added 2022-03-28
Due 2022-04-18
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedJul 14
KEV addedMar 28
KEV dueApr 18
Latest updateMay 14
CISA Required Action: Apply updates per vendor instructions.
Description
JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "JScript9 Memory Corruption Vulnerability."
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages1 packages
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-pv3m-j6rc-qgg4: JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption)↗2022-05-14
CVEList▶
CVE-2015-2419: JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption)↗2015-07-14