Vulnerability Details CVE-2015-6184
The CAttrArray object implementation in Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and memory corruption) via a malformed Cascading Style Sheets (CSS) token sequence in conjunction with modifications to HTML elements, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6048 and CVE-2015-6049.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.503
EPSS Ranking 97.7%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 9.3
References
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106
- https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1218
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106
- https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1218
Products affected by CVE-2015-6184
-
cpe:2.3:a:microsoft:internet_explorer:10
-
cpe:2.3:a:microsoft:internet_explorer:11
-
cpe:2.3:a:microsoft:internet_explorer:7
-
cpe:2.3:a:microsoft:internet_explorer:8
-
cpe:2.3:a:microsoft:internet_explorer:9
-
cpe:2.3:o:microsoft:windows_10:-
-
cpe:2.3:o:microsoft:windows_10:1511
-
cpe:2.3:o:microsoft:windows_10:1607
-
cpe:2.3:o:microsoft:windows_10:1703
-
cpe:2.3:o:microsoft:windows_10:1709
-
cpe:2.3:o:microsoft:windows_10:1803
-
cpe:2.3:o:microsoft:windows_10:1809
-
cpe:2.3:o:microsoft:windows_10:1903
-
cpe:2.3:o:microsoft:windows_10:1909
-
cpe:2.3:o:microsoft:windows_10:2004
-
cpe:2.3:o:microsoft:windows_10:2019
-
cpe:2.3:o:microsoft:windows_10:20h2
-
cpe:2.3:o:microsoft:windows_10:21h1
-
cpe:2.3:o:microsoft:windows_10:21h2
-
cpe:2.3:o:microsoft:windows_10:22h2