CVE-2015-2490
Published 2015-09-09
Priority: P351 · critical · 9.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS 15.63% · 96.4th percentile
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2492, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
CVSS provenance
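| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vendor_redhat | — | 7.5 | HIGH | — |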
GHSA
CVE-2015-2494 [CRITICAL] CWE-119 GHSA-9hcr-77rj-6rj7
ghsa_unreviewed·2022-05-14·CVSS 9.3
Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2498, and CVE-2015-2499.
GHSA
CVE-2015-2499 [CRITICAL] CWE-119 GHSA-4946-g8f9-p7hc
ghsa_unreviewed·2022-05-14·CVSS 9.3
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, and CVE-2015-2498.
GHSA
CVE-2015-2490 [CRITICAL] CWE-119 GHSA-vqv8-56c7-7cpv
ghsa_unreviewed·2022-05-14·CVSS 9.3
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2492, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499.
GHSA
CVE-2015-2498 [CRITICAL] CWE-119 GHSA-7q72-7cq7-63r5
ghsa_unreviewed·2022-05-14·CVSS 9.3
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, and CVE-2015-2499.
GHSA
CVE-2015-2492 [CRITICAL] CWE-119 GHSA-xrw9-rhv5-78jv
ghsa_unreviewed·2022-05-14·CVSS 9.3
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2490, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499.
GHSA
CVE-2015-2486 [CRITICAL] CWE-119 GHSA-7752-h8p6-727f
ghsa_unreviewed·2022-05-14·CVSS 9.3
Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499.
GHSA
CVE-2015-2487 [CRITICAL] CWE-119 GHSA-jcpm-wcf8-xc6g
ghsa_unreviewed·2022-05-14·CVSS 9.3
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499.
Red Hat
CVE-2015-1302 [HIGH] CWE-200 chromium-browser: information leak in PDF viewer
vendor_redhat·2015-11-10·CVSS 7.5
The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and out_of_process_instance.cc.
Red Hat
CVE-2015-7834 [HIGH] chromium-browser: Multiple unspecified vulnerabilities in Google V8 causing DoS
vendor_redhat·2015-10-14·CVSS 7.5
Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as used in Google Chrome before 46.0.2490.71, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Package: chromium-browser (Red Hat Enterprise Linux 6) - Affected
Red Hat
CVE-2015-6759 [MEDIUM] CWE-200 chromium-browser: Information leakage in LocalStorage
vendor_redhat·2015-10-13·CVSS 5.0
The shouldTreatAsUniqueOrigin function in platform/weborigin/SecurityOrigin.cpp in Blink, as used in Google Chrome before 46.0.2490.71, does not ensure that the origin of a LocalStorage resource is considered unique, which allows remote attackers to obtain sensitive information via vectors involving a blob: URL.
Red Hat
CVE-2015-6761 [MEDIUM] chromium-browser: Memory corruption in FFMpeg
vendor_redhat·2015-10-13·CVSS 6.8
The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service (race condition and memory corruption) or possibly have unspecified other impact via a crafted WebM file.
Red Hat
CVE-2015-6760 [HIGH] chromium-browser: Improper error handling in libANGLE
vendor_redhat·2015-10-13·CVSS 7.5
The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attackers to cause a denial of service (invalid read or write) or possibly have unspecified other impact via vectors involving a removed device.
Red Hat
CVE-2015-6756 [MEDIUM] CWE-416 chromium-browser: use-after-free in PDFium
vendor_redhat·2015-10-13·CVSS 6.8
Use-after-free vulnerability in the CPDFSDK_PageView implementation in fpdfsdk/src/fsdk_mgr.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leveraging mishandling of a focused annotation in a PDF document.
Red Hat
CVE-2015-6763 [HIGH] chromium-browser: various fixes from internal audits
vendor_redhat·2015-10-13·CVSS 7.5
Multiple unspecified vulnerabilities in Google Chrome before 46.0.2490.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Red Hat
CVE-2015-6755 [HIGH] CWE-345 chromium-browser: cross-origin bypass in Blink
vendor_redhat·2015-10-13·CVSS 7.5
The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.
Red Hat
CVE-2015-6758 [MEDIUM] CWE-704 chromium-browser: Bad-cast in PDFium
vendor_redhat·2015-10-13·CVSS 6.8
The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.
Red Hat
CVE-2015-6762 [HIGH] chromium-browser: CORS bypass in CSS fonts
vendor_redhat·2015-10-13·CVSS 7.5
The CSSFontFaceSrcValue::fetch function in core/css/CSSFontFaceSrcValue.cpp in the Cascading Style Sheets (CSS) implementation in Blink, as used in Google Chrome before 46.0.2490.71, does not use the CORS cross-origin request algorithm when a font's URL appears to be a same-origin URL, which allows remote web servers to bypass the Same Origin Policy via a redirect.
Red Hat
CVE-2015-6757 [HIGH] CWE-416 chromium-browser: Use-after-free in ServiceWorker
vendor_redhat·2015-10-13·CVSS 7.5
Use-after-free vulnerability in content/browser/service_worker/embedded_worker_instance.cc in the ServiceWorker implementation in Google Chrome before 46.0.2490.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging object destruction in a callback.
No detection rules found.
No public exploits indexed.
Zscaler
[MEDIUM] Zscaler detects IE & MS Office Vulnerabilities | 09-09-2015
blogs_zscaler·CVSS 5.0
Bugzilla
CVE-2015-7834 [HIGH] chromium-browser: Multiple unspecified vulnerabilities in Google V8 causing DoS
bugzilla·2015-10-15·CVSS 7.5
Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as used in Google Chrome before 46.0.2490.71, were found allowing attackers to cause a denial of service or possibly have other impact via unknown vectors.
http://www.securityfocus.com/bid/76576
http://www.securitytracker.com/id/1033487
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-094
Published 2015-09-09