CVE-2015-2482

The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted replace operation with a JavaScript regular expression, aka "Scripting Engine Memory Corruption Vulnerability."

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://seclists.org/fulldisclosure/2015/Oct/54	Third Party Advisory
http://www.securitytracker.com/id/1033800	Third Party Advisory VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-15-515	Third Party Advisory VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-108
https://www.exploit-db.com/exploits/40798/
http://seclists.org/fulldisclosure/2015/Oct/54	Third Party Advisory
http://www.securitytracker.com/id/1033800	Third Party Advisory VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-15-515	Third Party Advisory VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-108
https://www.exploit-db.com/exploits/40798/

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:microsoft:jscript:5.6:::::::*
	cpe:2.3:a:microsoft:jscript:5.7:::::::*
	cpe:2.3:a:microsoft:jscript:5.8:::::::*
	cpe:2.3:a:microsoft:vbscript:5.6:::::::*
	cpe:2.3:a:microsoft:vbscript:5.7:::::::*
	cpe:2.3:a:microsoft:vbscript:5.8:::::::*

OR	cpe:2.3:a:microsoft:internet_explorer:8:::::::*
	cpe:2.3:a:microsoft:internet_explorer:9:::::::*
	cpe:2.3:a:microsoft:internet_explorer:10:::::::*
	cpe:2.3:a:microsoft:internet_explorer:11:-::::::

History

21 Nov 2024, 02:27

Type	Values Removed	Values Added
References	~~() http://seclists.org/fulldisclosure/2015/Oct/54 - Third Party Advisory~~	() http://seclists.org/fulldisclosure/2015/Oct/54 - Third Party Advisory
References	~~() http://www.securitytracker.com/id/1033800 - Third Party Advisory, VDB Entry~~	() http://www.securitytracker.com/id/1033800 - Third Party Advisory, VDB Entry
References	~~() http://www.zerodayinitiative.com/advisories/ZDI-15-515 - Third Party Advisory, VDB Entry~~	() http://www.zerodayinitiative.com/advisories/ZDI-15-515 - Third Party Advisory, VDB Entry
References	~~() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106 -~~	() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106 -
References	~~() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-108 -~~	() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-108 -
References	~~() https://www.exploit-db.com/exploits/40798/ -~~	() https://www.exploit-db.com/exploits/40798/ -

Information

Published : 2015-10-14 01:59

Updated : 2024-11-21 02:27

NVD link : CVE-2015-2482

Mitre link : CVE-2015-2482

CVE.ORG link : CVE-2015-2482

JSON object : View

Products Affected

microsoft

vbscript
internet_explorer
jscript

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

9.3 /10