CVE-2015-6052

CWE-200Information Exposure4 documents4 sources
Severity
4.3MEDIUM
EPSS
18.8%
top 4.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Microsoft Internet ExplorerMicrosoft JscriptMicrosoft Vbscript
Timeline
PublishedOct 14
Latest updateMay 14

Description

The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript and JScript ASLR Bypass."

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

NVDmicrosoft/jscript5.7, 5.8+1
NVDmicrosoft/vbscript5.7, 5.8+1
NVDmicrosoft/internet_explorer4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-qm8v-mwjv-f366: The Microsoft (1) VBScript 52022-05-14
CVEList
CVE-2015-6052: The Microsoft (1) VBScript 52015-10-14

💬Community

1
Bugzilla
CVE-2014-8241 tigervnc: NULL pointer dereference flaw in XRegion2014-10-10
CVE-2015-6052 (MEDIUM CVSS 4.3) | The Microsoft (1) VBScript 5.7 and | cvebase.io