CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS15-043 | Cumulative Security Update for Internet Explorer (3049563) | Internet Explorer | Critical | 13-05-2015 |
Technical Information
Brief overview of the risk:
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
Detailed Information on the risk:
A security feature bypass exists when the VBScript engine fails to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use the ASLR bypass in conjunction with another vulnerability, such as a remote code execution vulnerability, that could take advantage of the ASLR bypass to more reliably run arbitrary code on a target system.
In a web-browsing scenario, successful exploitation of an ASLR bypass requires that a user is logged on, is running an affected version of Internet Explorer, and browses to a malicious website. Therefore, any systems where a web browser is used frequently, such as workstations or terminal servers, are most at risk from ASLR bypasses. Servers could be at more risk if administrators allow users to browse and read email on servers.
Further information on these vulnerabilities is available at: MS15-043
Affected Software
Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9
Internet Explorer 10
Internet Explorer 11