cbcvebase.
CVE-2015-6168
published 2015-12-09

CVE-2015-6168: Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge…

PriorityP261critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
31.25%
98.1th percentile
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6153.

Detection & IOCsextracted from sources · hover to see the quote

versionMicrosoft Edge 11.0.10240.16384
command/:first-letter{word-spacing:9
commandx:first-letter{background-position:inherit
  • Triggering the vulnerable code path does not require JavaScript to be enabled; block or alert on CSS payloads using :first-letter pseudo-element with word-spacing or background-position properties delivered to Edge clients.
  • Vulnerability class is CMarkup::EnsureDeleteCFState Use-After-Free in Microsoft Edge, referenced as MS15-125; hunt for exploitation of this specific internal function in Edge crash telemetry or memory forensics.
  • ·MemGC is enabled by default in Microsoft Edge and was intended to mitigate use-after-free bugs; however this vulnerability was not fully mitigated by it, suggesting the root cause may be more complex than a straightforward UAF — detections should not assume MemGC prevents exploitation.
  • ·The researcher did not fully investigate exploitability or root cause; the exact exploitation primitive and control flow are unknown, limiting confidence in behavioral detections.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.