Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-2482

CWE-119Buffer Overflow4 documents4 sources
Severity
9.3CRITICAL
EPSS
64.1%
top 1.56%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft JscriptMicrosoft Vbscript
Timeline
PublishedOct 14
Latest updateMay 14

Description

The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted replace operation with a JavaScript regular expression, aka "Scripting Engine Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDmicrosoft/jscript5.6, 5.7, 5.8+2
NVDmicrosoft/vbscript5.6, 5.7, 5.8+2

🔴Vulnerability Details

2
GHSA
GHSA-mmv3-rx57-jjgm: The Microsoft (1) VBScript 52022-05-14
CVEList
CVE-2015-2482: The Microsoft (1) VBScript 52015-10-14

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer 8 - jscript 'Reg­Exp­Base::FBad­Header' Use-After-Free (MS15-018)2016-11-21
CVE-2015-2482 (CRITICAL CVSS 9.3) | The Microsoft (1) VBScript 5.7 and | cvebase.io