Vulnerability Details CVE-2015-2502
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," as exploited in the wild in August 2015.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.226
EPSS Ranking 95.7%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.3
Proposed Action
Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS).
Ransomware Campaign
Unknown
References
- http://twitter.com/Laughing_Mantis/statuses/633839231840841728
- http://twitter.com/Laughing_Mantis/statuses/633839771865886721
- http://www.securityfocus.com/bid/76403
- http://www.securitytracker.com/id/1033317
- http://www.securityweek.com/microsoft-issues-emergency-patch-critical-ie-flaw-exploited-wild
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-093
- http://twitter.com/Laughing_Mantis/statuses/633839231840841728
- http://twitter.com/Laughing_Mantis/statuses/633839771865886721
- http://www.securityfocus.com/bid/76403
- http://www.securitytracker.com/id/1033317
- http://www.securityweek.com/microsoft-issues-emergency-patch-critical-ie-flaw-exploited-wild
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-093
Products affected by CVE-2015-2502
-
cpe:2.3:a:microsoft:internet_explorer:10
-
cpe:2.3:a:microsoft:internet_explorer:11
-
cpe:2.3:a:microsoft:internet_explorer:7
-
cpe:2.3:a:microsoft:internet_explorer:8
-
cpe:2.3:a:microsoft:internet_explorer:9
-
cpe:2.3:o:microsoft:windows_10_1507:-
-
cpe:2.3:o:microsoft:windows_7:-
-
cpe:2.3:o:microsoft:windows_8.1:-
-
cpe:2.3:o:microsoft:windows_8:-
-
cpe:2.3:o:microsoft:windows_rt_8.1:-
-
cpe:2.3:o:microsoft:windows_server_2008:-
-
cpe:2.3:o:microsoft:windows_server_2008:r2
-
cpe:2.3:o:microsoft:windows_server_2012:-
-
cpe:2.3:o:microsoft:windows_server_2012:r2
-
cpe:2.3:o:microsoft:windows_vista:-