Published: 11/02/2015 Updated: 12/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Microsoft Internet Explorer 9 through 11 allows remote malicious users to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."

Vulnerability Trend

Affected Products

Vendor Product Versions
MicrosoftInternet Explorer9, 10, 11

Recent Articles

Chinese Hackers Compromised Forbes.com Using IE, Flash Zero Days
Threatpost • Chris Brook • 11 Feb 2015

A Chinese APT group was able to chain together two zero day vulnerabilities, one against Adobe’s Flash Player and one against Microsoft’s Internet Explorer 9, to compromise a popular news site late last year.
The group’s aim was to gain access to computers at several U.S. defense and financial firms by setting up a watering hole attack on the site that would go on to drop a malicious .DLL.
Researchers with Invincea and iSIGHT Partners worked in tandem to dig up information ab...

Patch now: Design flaw in Windows security allows hackers to own corporate laptops, PCs
The Register • Iain Thomson in San Francisco • 10 Feb 2015

Nine fixes to install, three critical and one super bad

Another month, another Patch Tuesday, but this release has a special sting in the tail: a flaw in the fundamental design of Windows that's taken a year to correct, and is unfixable on Server 2003.
The critical blunder allows miscreants to completely take over a domain-configured Windows system if it is connected to a malicious network – wirelessly or wired. Most home users shouldn't be hit by this, as they are not usually domain-configured, but it's a massive pain in the ASCII for IT pro...