Executive Summary

Summary
Title Cumulative Security Update for Internet Explorer (3038314)
Informations
Name MS15-032 First vendor Publication 2015-04-14
Vendor Microsoft Last vendor Modification 2015-04-30
Severity (Vendor) Critical Revision 2.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Severity Rating: Critical
Revision Note: V2.0 (April 30, 2015): Updated bulletin to inform customers running Internet Explorer on Windows Server 2003 Service Pack 2 that the 3038314 update on the Microsoft Download Center was updated on April 22, 2015. Microsoft recommends that customers who installed the 3038314 update prior to April 22 should reinstall the update to be fully protected from the vulnerabilities discussed in this bulletin.
Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Original Source

Url : https://technet.microsoft.com/en-us/library/security/MS15-032

CWE : Common Weakness Enumeration

% Id Name
80 % CWE-399 Resource Management Errors
10 % CWE-264 Permissions, Privileges, and Access Controls
10 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:27899
 
Oval ID: oval:org.mitre.oval:def:27899
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1652 (MS15-032)
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1666.
Family: windows Class: vulnerability
Reference(s): CVE-2015-1652
Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27908
 
Oval ID: oval:org.mitre.oval:def:27908
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1667 (MS15-032)
Description: Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-1667
Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28401
 
Oval ID: oval:org.mitre.oval:def:28401
Title: Internet Explorer memory corruption vulnerability - CVE-2014-6374 (MS14-080)
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2014-6374
Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 7
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28574
 
Oval ID: oval:org.mitre.oval:def:28574
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1659 (MS15-032)
Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1662 and CVE-2015-1665.
Family: windows Class: vulnerability
Reference(s): CVE-2015-1659
Version: 3
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28704
 
Oval ID: oval:org.mitre.oval:def:28704
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1657 (MS15-032)
Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-1657
Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28709
 
Oval ID: oval:org.mitre.oval:def:28709
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1665 (MS15-032)
Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1659 and CVE-2015-1662.
Family: windows Class: vulnerability
Reference(s): CVE-2015-1665
Version: 3
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28783
 
Oval ID: oval:org.mitre.oval:def:28783
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1662 (MS15-032)
Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1659 and CVE-2015-1665.
Family: windows Class: vulnerability
Reference(s): CVE-2015-1662
Version: 3
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28821
 
Oval ID: oval:org.mitre.oval:def:28821
Title: Internet Explorer ASLR bypass vulnerability - CVE-2015-1661 (MS15-032)
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-1661
Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28861
 
Oval ID: oval:org.mitre.oval:def:28861
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1666 (MS15-032)
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1652.
Family: windows Class: vulnerability
Reference(s): CVE-2015-1666
Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28865
 
Oval ID: oval:org.mitre.oval:def:28865
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1660 (MS15-032)
Description: Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-1660
Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Product(s): Microsoft Internet Explorer 9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28895
 
Oval ID: oval:org.mitre.oval:def:28895
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1668 (MS15-032)
Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-1668
Version: 3
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 7

Snort® IPS/IDS

Date Description
2019-05-30 Microsoft Internet Explorer TextData object use after free attempt
RuleID : 49951 - Revision : 1 - Type : BROWSER-IE
2019-05-30 Microsoft Internet Explorer TextData object use after free attempt
RuleID : 49950 - Revision : 1 - Type : BROWSER-IE
2015-08-04 Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 35053 - Revision : 2 - Type : BROWSER-IE
2015-05-27 Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34212 - Revision : 2 - Type : BROWSER-IE
2015-05-27 Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34211 - Revision : 2 - Type : BROWSER-IE
2015-05-27 Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34210 - Revision : 2 - Type : BROWSER-IE
2015-05-27 Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34209 - Revision : 2 - Type : BROWSER-IE
2015-05-27 Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34208 - Revision : 2 - Type : BROWSER-IE
2015-05-27 Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34207 - Revision : 2 - Type : BROWSER-IE
2015-05-27 Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34206 - Revision : 2 - Type : BROWSER-IE
2015-05-27 Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34205 - Revision : 2 - Type : BROWSER-IE
2015-05-27 Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34204 - Revision : 2 - Type : BROWSER-IE
2015-05-27 Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34203 - Revision : 2 - Type : BROWSER-IE
2015-05-27 Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34202 - Revision : 2 - Type : BROWSER-IE
2015-05-27 Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34201 - Revision : 2 - Type : BROWSER-IE
2015-05-27 Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34200 - Revision : 2 - Type : BROWSER-IE
2015-05-27 Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34199 - Revision : 2 - Type : BROWSER-IE
2015-05-27 Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34198 - Revision : 2 - Type : BROWSER-IE
2015-05-27 Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34197 - Revision : 2 - Type : BROWSER-IE
2015-05-27 Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34196 - Revision : 2 - Type : BROWSER-IE
2015-05-27 Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34195 - Revision : 2 - Type : BROWSER-IE
2015-05-14 Microsoft Internet Explorer incorrect array element read information disclosu...
RuleID : 34090 - Revision : 2 - Type : BROWSER-IE
2015-05-14 Microsoft Internet Explorer incorrect array element read information disclosu...
RuleID : 34089 - Revision : 2 - Type : BROWSER-IE
2015-05-14 Microsoft Internet Explorer CDocument use after free attempt
RuleID : 34085 - Revision : 2 - Type : BROWSER-IE
2015-05-14 Microsoft Internet Explorer CDocument use after free attempt
RuleID : 34084 - Revision : 2 - Type : BROWSER-IE
2015-05-14 Microsoft Internet Explorer append and swap use after free attempt
RuleID : 34077 - Revision : 2 - Type : BROWSER-IE
2015-05-14 Microsoft Internet Explorer append and swap use after free attempt
RuleID : 34076 - Revision : 2 - Type : BROWSER-IE
2015-05-14 Microsoft Internet Explorer TextData object use after free attempt
RuleID : 34075 - Revision : 3 - Type : BROWSER-IE
2015-05-14 Microsoft Internet Explorer TextData object use after free attempt
RuleID : 34074 - Revision : 3 - Type : BROWSER-IE
2015-05-14 Microsoft Internet Explorer CMetaElement use after free attempt
RuleID : 34073 - Revision : 4 - Type : BROWSER-IE
2015-05-14 Microsoft Internet Explorer CMetaElement use after free attempt
RuleID : 34072 - Revision : 4 - Type : BROWSER-IE
2015-05-14 Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34071 - Revision : 3 - Type : BROWSER-IE
2015-05-14 Microsoft Internet Explorer CSVGMarkerElement use after free attempt
RuleID : 34070 - Revision : 3 - Type : BROWSER-IE
2015-05-14 Microsoft Internet Explorer 11 invalid array element read attempt
RuleID : 34069 - Revision : 3 - Type : BROWSER-IE
2015-05-14 Microsoft Internet Explorer 11 invalid array element read attempt
RuleID : 34068 - Revision : 3 - Type : BROWSER-IE
2015-05-14 Microsoft Internet Explorer CMapStringToPtr use after free attempt
RuleID : 34065 - Revision : 4 - Type : BROWSER-IE
2015-05-14 Microsoft Internet Explorer CMapStringToPtr use after free attempt
RuleID : 34064 - Revision : 4 - Type : BROWSER-IE
2015-05-14 Microsoft Internet Explorer CBodyElement use after free attempt
RuleID : 34060 - Revision : 2 - Type : BROWSER-IE
2015-05-14 Microsoft Internet Explorer CBodyElement use after free attempt
RuleID : 34059 - Revision : 2 - Type : BROWSER-IE
2015-01-08 Microsoft Internet Explorer use of rtf file in clipboard attempt
RuleID : 32704 - Revision : 2 - Type : BROWSER-IE
2015-01-08 Microsoft Internet Explorer use of rtf file in clipboard attempt
RuleID : 32703 - Revision : 2 - Type : BROWSER-IE
2014-12-11 Microsoft Internet Explorer CElementIDContextList use after free attempt
RuleID : 32443 - Revision : 3 - Type : BROWSER-IE
2014-12-11 Microsoft Internet Explorer CElementIDContextList use after free attempt
RuleID : 32442 - Revision : 3 - Type : BROWSER-IE

Nessus® Vulnerability Scanner

Date Description
2015-04-14 Name : The remote host has a web browser installed that is affected by multiple vuln...
File : smb_nt_ms15-032.nasl - Type : ACT_GATHER_INFO
2014-12-09 Name : The remote host has a web browser installed that is affected by multiple vuln...
File : smb_nt_ms14-080.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
Date Informations
2016-04-27 04:56:05
  • Multiple Updates
2015-05-27 21:26:39
  • Multiple Updates
2015-05-14 21:26:34
  • Multiple Updates
2015-05-01 00:29:10
  • Multiple Updates
2015-05-01 00:15:46
  • Multiple Updates
2015-04-15 13:28:34
  • Multiple Updates
2015-04-15 05:31:33
  • Multiple Updates
2015-04-14 21:30:21
  • Multiple Updates
2015-04-14 21:26:09
  • Multiple Updates
2015-04-14 21:17:09
  • First insertion