CVE-2015-6168
Published 2015-12-09
Priority P261 · critical · 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 31.25% (98.1th percentile)
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6153.
Detection & IOCs (extracted from sources)
- Triggering the vulnerable code path does not require JavaScript to be enabled; block or alert on CSS payloads that use the :first-letter pseudo-element with word-spacing or background-position properties delivered to Edge clients.
- Vulnerability class is a CMarkup::EnsureDeleteCFState use-after-free in Microsoft Edge, referenced as MS15-125; hunt for exploitation of this specific internal function in Edge crash telemetry or memory forensics.
- MemGC is enabled by default in Microsoft Edge and was intended to mitigate use-after-free bugs; however, this vulnerability was not fully mitigated by it, suggesting the root cause may be more complex than a straightforward UAF. Detections should not assume MemGC prevents exploitation.
- The researcher did not fully investigate exploitability or root cause; the exact exploitation primitive and control flow are unknown, limiting confidence in behavioral detections.
No detection rules found.
- http://blog.skylined.nl/20161201001.html
- http://seclists.org/fulldisclosure/2016/Dec/4
- http://www.securitytracker.com/id/1034316
- http://www.zerodayinitiative.com/advisories/ZDI-15-583
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-125
- https://www.exploit-db.com/exploits/40878/