⚠ Actively exploited
Added to CISA KEV on 2022-04-13. Federal agencies required to patch by 2022-05-04. Required action: Apply updates per vendor instructions..
CVE-2015-2502 — Out-of-bounds Write in Microsoft Internet Explorer
Severity
8.8HIGHNVD
EPSS
22.6%
top 4.14%
CISA KEV
KEV
Added 2022-04-13
Due 2022-05-04
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedAug 19
KEV addedApr 13
KEV dueMay 4
Latest updateMay 14
CISA Required Action: Apply updates per vendor instructions.
Description
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," as exploited in the wild in August 2015.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages1 packages
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-8g3x-8p3x-3f3c: Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craf↗2022-05-14
CVEList▶
CVE-2015-2502: Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craf↗2015-08-19