Executive Summary

Summary
TitleCumulative Security Update for Internet Explorer (3038314)
Informations
NameMS15-032First vendor Publication2015-04-14
VendorMicrosoftLast vendor Modification2015-04-30
Severity (Vendor) CriticalRevision2.0

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Severity Rating: Critical
Revision Note: V2.0 (April 30, 2015): Updated bulletin to inform customers running Internet Explorer on Windows Server 2003 Service Pack 2 that the 3038314 update on the Microsoft Download Center was updated on April 22, 2015. Microsoft recommends that customers who installed the 3038314 update prior to April 22 should reinstall the update to be fully protected from the vulnerabilities discussed in this bulletin.
Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Original Source

Url : https://technet.microsoft.com/en-us/library/security/MS15-032

CWE : Common Weakness Enumeration

%idName
80 %CWE-399Resource Management Errors
10 %CWE-264Permissions, Privileges, and Access Controls
10 %CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:28704
 
Oval ID: oval:org.mitre.oval:def:28704
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1657 (MS15-032)
Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-1657
Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28861
 
Oval ID: oval:org.mitre.oval:def:28861
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1666 (MS15-032)
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1652.
Family: windows Class: vulnerability
Reference(s): CVE-2015-1666
Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27899
 
Oval ID: oval:org.mitre.oval:def:27899
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1652 (MS15-032)
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1666.
Family: windows Class: vulnerability
Reference(s): CVE-2015-1652
Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28821
 
Oval ID: oval:org.mitre.oval:def:28821
Title: Internet Explorer ASLR bypass vulnerability - CVE-2015-1661 (MS15-032)
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-1661
Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28783
 
Oval ID: oval:org.mitre.oval:def:28783
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1662 (MS15-032)
Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1659 and CVE-2015-1665.
Family: windows Class: vulnerability
Reference(s): CVE-2015-1662
Version: 3
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28401
 
Oval ID: oval:org.mitre.oval:def:28401
Title: Internet Explorer memory corruption vulnerability - CVE-2014-6374 (MS14-080)
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2014-6374
Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 7
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28709
 
Oval ID: oval:org.mitre.oval:def:28709
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1665 (MS15-032)
Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1659 and CVE-2015-1662.
Family: windows Class: vulnerability
Reference(s): CVE-2015-1665
Version: 3
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28574
 
Oval ID: oval:org.mitre.oval:def:28574
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1659 (MS15-032)
Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1662 and CVE-2015-1665.
Family: windows Class: vulnerability
Reference(s): CVE-2015-1659
Version: 3
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28895
 
Oval ID: oval:org.mitre.oval:def:28895
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1668 (MS15-032)
Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-1668
Version: 3
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27908
 
Oval ID: oval:org.mitre.oval:def:27908
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1667 (MS15-032)
Description: Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-1667
Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28865
 
Oval ID: oval:org.mitre.oval:def:28865
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1660 (MS15-032)
Description: Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-1660
Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Product(s): Microsoft Internet Explorer 9
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application7

Snort® IPS/IDS

DateDescription
2019-05-30Microsoft Internet Explorer TextData object use after free attempt
RuleID : 49951 - Revision : 1 - Type : BROWSER-IE
2019-05-30Microsoft Internet Explorer TextData object use after free attempt
RuleID : 49950 - Revision : 1 - Type : BROWSER-IE
2015-08-04Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 35053 - Revision : 2 - Type : BROWSER-IE
2015-05-27Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34212 - Revision : 2 - Type : BROWSER-IE
2015-05-27Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34211 - Revision : 2 - Type : BROWSER-IE
2015-05-27Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34210 - Revision : 2 - Type : BROWSER-IE
2015-05-27Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34209 - Revision : 2 - Type : BROWSER-IE
2015-05-27Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34208 - Revision : 2 - Type : BROWSER-IE
2015-05-27Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34207 - Revision : 2 - Type : BROWSER-IE
2015-05-27Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34206 - Revision : 2 - Type : BROWSER-IE
2015-05-27Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34205 - Revision : 2 - Type : BROWSER-IE
2015-05-27Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34204 - Revision : 2 - Type : BROWSER-IE
2015-05-27Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34203 - Revision : 2 - Type : BROWSER-IE
2015-05-27Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34202 - Revision : 2 - Type : BROWSER-IE
2015-05-27Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34201 - Revision : 2 - Type : BROWSER-IE
2015-05-27Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34200 - Revision : 2 - Type : BROWSER-IE
2015-05-27Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34199 - Revision : 2 - Type : BROWSER-IE
2015-05-27Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34198 - Revision : 2 - Type : BROWSER-IE
2015-05-27Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34197 - Revision : 2 - Type : BROWSER-IE
2015-05-27Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34196 - Revision : 2 - Type : BROWSER-IE
2015-05-27Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34195 - Revision : 2 - Type : BROWSER-IE
2015-05-14Microsoft Internet Explorer incorrect array element read information disclosu...
RuleID : 34090 - Revision : 2 - Type : BROWSER-IE
2015-05-14Microsoft Internet Explorer incorrect array element read information disclosu...
RuleID : 34089 - Revision : 2 - Type : BROWSER-IE
2015-05-14Microsoft Internet Explorer CDocument use after free attempt
RuleID : 34085 - Revision : 2 - Type : BROWSER-IE
2015-05-14Microsoft Internet Explorer CDocument use after free attempt
RuleID : 34084 - Revision : 2 - Type : BROWSER-IE
2015-05-14Microsoft Internet Explorer append and swap use after free attempt
RuleID : 34077 - Revision : 2 - Type : BROWSER-IE
2015-05-14Microsoft Internet Explorer append and swap use after free attempt
RuleID : 34076 - Revision : 2 - Type : BROWSER-IE
2015-05-14Microsoft Internet Explorer TextData object use after free attempt
RuleID : 34075 - Revision : 3 - Type : BROWSER-IE
2015-05-14Microsoft Internet Explorer TextData object use after free attempt
RuleID : 34074 - Revision : 3 - Type : BROWSER-IE
2015-05-14Microsoft Internet Explorer CMetaElement use after free attempt
RuleID : 34073 - Revision : 4 - Type : BROWSER-IE
2015-05-14Microsoft Internet Explorer CMetaElement use after free attempt
RuleID : 34072 - Revision : 4 - Type : BROWSER-IE
2015-05-14Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34071 - Revision : 3 - Type : BROWSER-IE
2015-05-14Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34070 - Revision : 3 - Type : BROWSER-IE
2015-05-14Microsoft Internet Explorer 11 invalid array element read attempt
RuleID : 34069 - Revision : 3 - Type : BROWSER-IE
2015-05-14Microsoft Internet Explorer 11 invalid array element read attempt
RuleID : 34068 - Revision : 3 - Type : BROWSER-IE
2015-05-14Microsoft Internet Explorer CMapStringToPtr use after free attempt
RuleID : 34065 - Revision : 4 - Type : BROWSER-IE
2015-05-14Microsoft Internet Explorer CMapStringToPtr use after free attempt
RuleID : 34064 - Revision : 4 - Type : BROWSER-IE
2015-05-14Microsoft Internet Explorer CBodyElement use after free attempt
RuleID : 34060 - Revision : 2 - Type : BROWSER-IE
2015-05-14Microsoft Internet Explorer CBodyElement use after free attempt
RuleID : 34059 - Revision : 2 - Type : BROWSER-IE
2015-01-08Microsoft Internet Explorer use of rtf file in clipboard attempt
RuleID : 32704 - Revision : 2 - Type : BROWSER-IE
2015-01-08Microsoft Internet Explorer use of rtf file in clipboard attempt
RuleID : 32703 - Revision : 2 - Type : BROWSER-IE
2014-12-11Microsoft Internet Explorer CElementIDContextList use after free attempt
RuleID : 32443 - Revision : 3 - Type : BROWSER-IE
2014-12-11Microsoft Internet Explorer CElementIDContextList use after free attempt
RuleID : 32442 - Revision : 3 - Type : BROWSER-IE

Nessus® Vulnerability Scanner

DateDescription
2015-04-14Name : The remote host has a web browser installed that is affected by multiple vuln...
File : smb_nt_ms15-032.nasl - Type : ACT_GATHER_INFO
2014-12-09Name : The remote host has a web browser installed that is affected by multiple vuln...
File : smb_nt_ms14-080.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
DateInformations
2016-04-27 04:56:05
  • Multiple Updates
2015-05-27 21:26:39
  • Multiple Updates
2015-05-14 21:26:34
  • Multiple Updates
2015-05-01 00:29:10
  • Multiple Updates
2015-05-01 00:15:46
  • Multiple Updates
2015-04-15 13:28:34
  • Multiple Updates
2015-04-15 05:31:33
  • Multiple Updates
2015-04-14 21:30:21
  • Multiple Updates
2015-04-14 21:26:09
  • Multiple Updates
2015-04-14 21:17:09
  • First insertion