CVE-2015-2502
published 2015-08-19CVE-2015-2502: Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web…
PriorityP183high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-05-04
Exploited in the wild
EPSS
51.13%
98.8th percentile
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," as exploited in the wild in August 2015.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
Detection & IOCsextracted from sources · hover to see the quote
snort↗
SID 35536
snort↗
SID 35537
- →Exploit is delivered via a malicious webpage; detect drive-by download traffic patterns targeting IE7–IE11 user agents visiting attacker-controlled or compromised pages. ↗
- →Monitor for exploit kit integration; after public disclosure, attack code was expected to be incorporated into exploit kits and attack frameworks. ↗
- →Watch for malicious ad network traffic (malvertising) delivering IE exploit payloads to users of legitimate websites. ↗
- →Talos Snort rules 35536–35537 are available on Snort.org / FireSIGHT Management Center for network-level detection of CVE-2015-2502 exploitation attempts. ↗
- ·Snort rules 35536–35537 are subject to change as additional vulnerability information becomes available; always pull the latest rule versions from the authoritative source. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck8.8HIGH
cisa8.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA
Microsoft Internet Explorer Memory Corruption Vulnerability
cisa·2022-04-13·CVSS 8.8
CVE-2015-2502 [HIGH] CWE-119 Microsoft Internet Explorer Memory Corruption Vulnerability
Vulnerability: Microsoft Internet Explorer Memory Corruption Vulnerability
Affected: Microsoft Internet Explorer
Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS).
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2015-2502
Remediation Due Date: 2022-05-04
VulDB
Microsoft Internet Explorer up to 11 memory corruption (MS15-093 / Nessus ID 85540)
vuldb·2026-04-22·CVSS 8.8
CVE-2015-2502 [HIGH] Microsoft Internet Explorer up to 11 memory corruption (MS15-093 / Nessus ID 85540)
A vulnerability was found in Microsoft Internet Explorer 7/8/9/10/11. It has been classified as critical. This affects an unknown function. The manipulation leads to memory corruption.
This vulnerability is uniquely identified as CVE-2015-2502. The attack is possible to be carried out remotely. Moreover, an exploit is present.
It is recommended to apply a patch to fix this issue.
GHSA
GHSA-8g3x-8p3x-3f3c: Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craf
ghsa_unreviewed·2022-05-14
CVE-2015-2502 [HIGH] CWE-119 GHSA-8g3x-8p3x-3f3c: Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craf
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," as exploited in the wild in August 2015.
VulnCheck
Microsoft Internet Explorer Memory Corruption Vulnerability
vulncheck·2015·CVSS 8.8
CVE-2015-2502 [HIGH] CWE-119 Microsoft Internet Explorer Memory Corruption Vulnerability
Microsoft Internet Explorer Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS).
Affected: Microsoft Internet Explorer
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cve.org/CVERecord?id=CVE-2015-2502; https://www.scribd.com/document/516749423/inzimam-2019-ijca-919742; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-05-04
No detection rules found.
No public exploits indexed.
Krebs
Microsoft Pushes Emergency Patch for IE
blogs_krebs·2015-08-18·CVSS 8.8
[HIGH] Microsoft Pushes Emergency Patch for IE
Microsoft today released an emergency software update to plug a critical security flaw in all supported versions of its Internet Explorer browser, from IE7 to IE 11 (this flaw does not appear to be present in Microsoft Edge, the new browser from Redmond and intended to replace IE).
According to the advisory that accompanies the patch, this a browse-and-get-owned vulnerability, meaning IE users can infect their systems merely by browsing to a hacked or malicious Web site. Windows users should install the patch whether or not they use IE as their main browser, as IE components can be invoked from a variety of applications, such as Microsoft Office. The emergency patch is available via Windows Update or from Microsoft’s Web site.
Microsoft’s advisory does not say whether this flaw is active
Talos
Microsoft Internet Explorer Out of Band Advisory
blogs_talos·2015-08-18·CVSS 8.8
CVE-2015-2502 [HIGH] Microsoft Internet Explorer Out of Band Advisory
Today an out of band advisory was released by Microsoft to address CVE-2015-2502. This vulnerability is addressed by MS15-093.
MS15-093 address a memory corruption vulnerability in Internet Explorer versions 7, 8, 9, 10, and 11. This affects all currently supported versions of Windows, including Windows 10.
This advisory is rated critical. An attacker can craft a web page designed to exploit this vulnerability and lure a user into visiting it. The compromise will result in remote code execution at the permission level of the affected user. The use of proper user access controls can limit the severity of the compromise.
As with most out of band releases, it has been reported that this attack is being exploited in the wild. Users should patch immediately.
### CoverageIn response to this
Qualys
MS15-093 - OOB fix for Internet Explorer | Qualys
blogs_qualys·2015-08-18·CVSS 8.8
CVE-2015-2502 [HIGH] MS15-093 - OOB fix for Internet Explorer | Qualys
Today Microsoft addressed a 0-day vulnerability in Internet Explorer in an out-of-band update described MS15-093 . The vulnerability CVE-2015-2502 is actively being exploited in the wild. The attack code is hosted on a malicious webpage that you or your users would have to visit in order to get infected. Attackers use a number of mechanisms to increase their target reach and lure users to the webpage including:
hosting the exploit on ad networks, which are then used by entirely legitimate websites
gaining control over legitimate websites, say blogs, by exploiting vulnerabilities in the blogging server software or simply weak credentials
setting up specific websites for the attack and manipulating search engine results
send you a link to the site by e-mail or other messaging programs
N
Talos
Microsoft Internet Explorer Out of Band Advisory
blogs_talos·2015-08-18·CVSS 8.8
CVE-2015-2502 [HIGH] Microsoft Internet Explorer Out of Band Advisory
## Microsoft Internet Explorer Out of Band Advisory
Today an out of band advisory was released by Microsoft to address CVE-2015-2502 . This vulnerability is addressed by MS15-093 .
MS15-093 address a memory corruption vulnerability in Internet Explorer versions 7, 8, 9, 10, and 11. This affects all currently supported versions of Windows, including Windows 10.
This advisory is rated critical. An attacker can craft a web page designed to exploit this vulnerability and lure a user into visiting it. The compromise will result in remote code execution at the permission level of the affected user. The use of proper user access controls can limit the severity of the compromise.
As with most out of band releases, it has been reported that this attack is being exploited in the wild. Users shou
Qualys
MS15-093 - OOB fix for Internet Explorer | Qualys
blogs_qualys·2015-08-18·CVSS 8.8
CVE-2015-2502 [HIGH] MS15-093 - OOB fix for Internet Explorer | Qualys
Today Microsoft addressed a 0-day vulnerability in Internet Explorer in an out-of-band update described MS15-093. The vulnerability CVE-2015-2502 is actively being exploited in the wild. The attack code is hosted on a malicious webpage that you or your users would have to visit in order to get infected. Attackers use a number of mechanisms to increase their target reach and lure users to the webpage including:
- hosting the exploit on ad networks, which are then used by entirely legitimate websites
- gaining control over legitimate websites, say blogs, by exploiting vulnerabilities in the blogging server software or simply weak credentials
- setting up specific websites for the attack and manipulating search engine results
- send you a link to the site by e-mail or other messaging program
Krebs
Microsoft Pushes Emergency Patch for IE – Krebs on Security
blogs_krebs·2015-08-01·CVSS 8.8
[HIGH] Microsoft Pushes Emergency Patch for IE – Krebs on Security
Microsoft today released an emergency software update to plug a critical security flaw in all supported versions of its Internet Explorer browser, from IE7 to IE 11 (this flaw does not appear to be present in Microsoft Edge , the new browser from Redmond and intended to replace IE).
According to the advisory that accompanies the patch, this a browse-and-get-owned vulnerability, meaning IE users can infect their systems merely by browsing to a hacked or malicious Web site. Windows users should install the patch whether or not they use IE as their main browser, as IE components can be invoked from a variety of applications, such as Microsoft Office. The emergency patch is available via Windows Update or from Microsoft’s Web site .
Microsoft’s advisory does not say whether this flaw is acti
Zscaler
Zscaler detects IE & MS Office Vulnerabilities | 08-19-2015
blogs_zscaler·CVSS 8.8
[HIGH] Zscaler detects IE & MS Office Vulnerabilities | 08-19-2015
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
http://twitter.com/Laughing_Mantis/statuses/633839231840841728http://twitter.com/Laughing_Mantis/statuses/633839771865886721http://www.securityfocus.com/bid/76403http://www.securitytracker.com/id/1033317http://www.securityweek.com/microsoft-issues-emergency-patch-critical-ie-flaw-exploited-wildhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-093http://twitter.com/Laughing_Mantis/statuses/633839231840841728http://twitter.com/Laughing_Mantis/statuses/633839771865886721http://www.securityfocus.com/bid/76403http://www.securitytracker.com/id/1033317http://www.securityweek.com/microsoft-issues-emergency-patch-critical-ie-flaw-exploited-wildhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-093https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-2502
2015-08-19
Published
2022-04-13
Added to CISA KEV
Exploited in the wild