CVE-2015-6135

CWE-200Information Exposure3 documents3 sources
Severity
5.0MEDIUM
EPSS
8.5%
top 7.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft JscriptMicrosoft Vbscript
Timeline
PublishedDec 9
Latest updateMay 14

Description

The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability."

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDmicrosoft/jscript5.7, 5.8+1
NVDmicrosoft/vbscript5.7, 5.8+1

🔴Vulnerability Details

2
GHSA
GHSA-xc27-gx39-5rr3: The Microsoft (1) VBScript 52022-05-14
CVEList
CVE-2015-6135: The Microsoft (1) VBScript 52015-12-09
CVE-2015-6135 (MEDIUM CVSS 5) | The Microsoft (1) VBScript 5.7 and | cvebase.io