Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2015-2502

Published: 19/08/2015 Updated: 12/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Microsoft

Vulnerability Summary

Microsoft Internet Explorer 7 through 11 allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," as exploited in the wild in August 2015.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft internet explorer 10

microsoft internet explorer 11

microsoft internet explorer 7

microsoft internet explorer 8

microsoft internet explorer 9

Recent Articles

Unholy Hong Kong hackers hit evangelicals with IE 0day
The Register • Darren Pauli • 21 Aug 2015

Fast moving blackhats backdoor church-goers.

Hackers are already using an Internet Explorer vulnerability disclosed this week to hack members of an evangelical church. The attackers compromised the website of the Evangelical Lutheran Church of Hong Kong, injecting a malicious iFrame that redirects the faithful to a malicious website sporting the Internet Explorer vulnerability (CVE-2015-2502). More javascript redirections lead to the PlugX (pdf) malware landing on machines. Once running, the malware opens a back door and begins harvesting ...

Read more...
Microsoft drops rush Internet Explorer fix for remote code exec hole
The Register • Darren Pauli • 19 Aug 2015

IE 7 through 11 needs a big band-aid, fast, especially workstations, terminal servers

Microsoft has released an out-of-band patch for Internet Explorer versions 7 through 11, to close a dangerous remote code execution flaw allowing attackers to commandeer machines. The attack will be a highly useful tool in hacker arsenals likely allowing them to build powerful phishing, watering hole, and malvertising campaigns. Redmond's new Edge browser is not impacted. "The vulnerability (CVE-2015-2502) could allow remote code execution if a user views a specially crafted webpage using Intern...

Read more...

References

CWE-119http://twitter.com/Laughing_Mantis/statuses/633839771865886721http://twitter.com/Laughing_Mantis/statuses/633839231840841728http://www.securityweek.com/microsoft-issues-emergency-patch-critical-ie-flaw-exploited-wildhttp://www.securityfocus.com/bid/76403http://www.securitytracker.com/id/1033317https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-093https://nvd.nist.govhttps://www.theregister.co.uk/2015/08/19/microsoft_drops_rush_internet_explorer_fix_for_remote_code_exec_hole/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook