Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
TitleSecurity Update for Internet Explorer (3076321)
Informations
NameMS15-065First vendor Publication2015-07-14
VendorMicrosoftLast vendor Modification2015-07-22
Severity (Vendor) CriticalRevision1.1

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Severity Rating: Critical
Revision Note: V1.1 (July 22, 2015): Corrected the affected software entries for CVE-2015-1733 in the Severity Ratings and Vulnerability Identifiers table. This is an informational change only. Customers who have already successfully installed the update do not have to take any action.
Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Original Source

Url : https://technet.microsoft.com/en-us/library/security/MS15-065

CWE : Common Weakness Enumeration

%idName
70 %CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer
20 %CWE-200Information Exposure
3 %CWE-264Permissions, Privileges, and Access Controls
3 %CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
3 %CWE-20Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:29015
 
Oval ID: oval:org.mitre.oval:def:29015
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1767 (MS15-065)
Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2401 and CVE-2015-2408.
Family: windows Class: vulnerability
Reference(s): CVE-2015-1767
Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28529
 
Oval ID: oval:org.mitre.oval:def:28529
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2401 (MS15-065)
Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1767 and CVE-2015-2408.
Family: windows Class: vulnerability
Reference(s): CVE-2015-2401
Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29278
 
Oval ID: oval:org.mitre.oval:def:29278
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2385 (MS15-065)
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2390, CVE-2015-2397, CVE-2015-2404, CVE-2015-2406, and CVE-2015-2422.
Family: windows Class: vulnerability
Reference(s): CVE-2015-2385
Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29360
 
Oval ID: oval:org.mitre.oval:def:29360
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2422 (MS15-065)
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2397, CVE-2015-2404, and CVE-2015-2406.
Family: windows Class: vulnerability
Reference(s): CVE-2015-2422
Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29414
 
Oval ID: oval:org.mitre.oval:def:29414
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1738 (MS15-065)
Description: Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2388.
Family: windows Class: vulnerability
Reference(s): CVE-2015-1738
Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Product(s): Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29247
 
Oval ID: oval:org.mitre.oval:def:29247
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2391 (MS15-065)
Description: Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-2391
Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Product(s): Microsoft Internet Explorer 9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29470
 
Oval ID: oval:org.mitre.oval:def:29470
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2414 (MS15-065)
Description: Microsoft Internet Explorer 8 through 11 allows remote attackers to obtain sensitive browsing-history information via vectors related to image caching, aka "Internet Explorer Information Disclosure Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-2414
Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29164
 
Oval ID: oval:org.mitre.oval:def:29164
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2383 (MS15-065)
Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2384 and CVE-2015-2425.
Family: windows Class: vulnerability
Reference(s): CVE-2015-2383
Version: 3
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29292
 
Oval ID: oval:org.mitre.oval:def:29292
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2408 (MS15-065)
Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1767 and CVE-2015-2401.
Family: windows Class: vulnerability
Reference(s): CVE-2015-2408
Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29422
 
Oval ID: oval:org.mitre.oval:def:29422
Title: Internet Explorer information disclosure vulnerability - CVE-2015-2413 (MS15-065)
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to determine the existence of local files via a crafted module-resource request, aka "Internet Explorer Information Disclosure Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-2413
Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29295
 
Oval ID: oval:org.mitre.oval:def:29295
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1729 (MS15-065)
Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-1729
Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29357
 
Oval ID: oval:org.mitre.oval:def:29357
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2404 (MS15-065)
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2397, CVE-2015-2406, and CVE-2015-2422.
Family: windows Class: vulnerability
Reference(s): CVE-2015-2404
Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29010
 
Oval ID: oval:org.mitre.oval:def:29010
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2403 (MS15-065)
Description: Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-2403
Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Product(s): Microsoft Internet Explorer 8
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29087
 
Oval ID: oval:org.mitre.oval:def:29087
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2410 (MS15-065)
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to determine the existence of local files via a crafted stylesheet, aka "Internet Explorer Information Disclosure Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-2410
Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29454
 
Oval ID: oval:org.mitre.oval:def:29454
Title: Internet Explorer elevation of privilege vulnerability - CVE-2015-2402 (MS15-065)
Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-2402
Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29316
 
Oval ID: oval:org.mitre.oval:def:29316
Title: Jscript9 Memory corruption vulnerability - CVE-2015-2419 (MS15-065)
Description: JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "JScript9 Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-2419
Version: 3
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28804
 
Oval ID: oval:org.mitre.oval:def:28804
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2390 (MS15-065)
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2397, CVE-2015-2404, CVE-2015-2406, and CVE-2015-2422.
Family: windows Class: vulnerability
Reference(s): CVE-2015-2390
Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29324
 
Oval ID: oval:org.mitre.oval:def:29324
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2397 (MS15-065)
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2404, CVE-2015-2406, and CVE-2015-2422.
Family: windows Class: vulnerability
Reference(s): CVE-2015-2397
Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29487
 
Oval ID: oval:org.mitre.oval:def:29487
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2388 (MS15-065)
Description: Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1738.
Family: windows Class: vulnerability
Reference(s): CVE-2015-2388
Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Product(s): Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29075
 
Oval ID: oval:org.mitre.oval:def:29075
Title: Internet Explorer XSS filter bypass vulnerability - CVE-2015-2398 (MS15-065)
Description: Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-2398
Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29296
 
Oval ID: oval:org.mitre.oval:def:29296
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2425 (MS15-065)
Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2383 and CVE-2015-2384.
Family: windows Class: vulnerability
Reference(s): CVE-2015-2425
Version: 3
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29219
 
Oval ID: oval:org.mitre.oval:def:29219
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2411 (MS15-065)
Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1733 and CVE-2015-2389.
Family: windows Class: vulnerability
Reference(s): CVE-2015-2411
Version: 3
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28818
 
Oval ID: oval:org.mitre.oval:def:28818
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1733 (MS15-065)
Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2389 and CVE-2015-2411.
Family: windows Class: vulnerability
Reference(s): CVE-2015-1733
Version: 3
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29159
 
Oval ID: oval:org.mitre.oval:def:29159
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2412 (MS15-065)
Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to read arbitrary local files via a crafted pathname, aka "Internet Explorer Information Disclosure Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-2412
Version: 3
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28938
 
Oval ID: oval:org.mitre.oval:def:28938
Title: VBScript Memory corruption vulnerability - CVE-2015-2372 (MS15-065 and MS15-066)
Description: vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-2372
Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft VBScript 5.6
Microsoft VBScript 5.7
Microsoft VBScript 5.8
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28614
 
Oval ID: oval:org.mitre.oval:def:28614
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2384 (MS15-065)
Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2383 and CVE-2015-2425.
Family: windows Class: vulnerability
Reference(s): CVE-2015-2384
Version: 3
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28834
 
Oval ID: oval:org.mitre.oval:def:28834
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2406 (MS15-065)
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2397, CVE-2015-2404, and CVE-2015-2422.
Family: windows Class: vulnerability
Reference(s): CVE-2015-2406
Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29355
 
Oval ID: oval:org.mitre.oval:def:29355
Title: Internet Explorer ASLR bypass vulnerability - CVE-2015-2421 (MS15-065)
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass."
Family: windows Class: vulnerability
Reference(s): CVE-2015-2421
Version: 4
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29395
 
Oval ID: oval:org.mitre.oval:def:29395
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2389 (MS15-065)
Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1733 and CVE-2015-2411.
Family: windows Class: vulnerability
Reference(s): CVE-2015-2389
Version: 3
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Product(s): Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application6
Application3

Information Assurance Vulnerability Management (IAVM)

DateDescription
2015-07-16IAVM : 2015-A-0166 - Microsoft VBScript Memory Corruption Vulnerability (MS15-066)
Severity : Category II - VMSKEY : V0061127

Snort® IPS/IDS

DateDescription
2017-06-29Microsoft Internet Explorer JSON strigify double free attempt
RuleID : 43043 - Revision : 1 - Type : BROWSER-IE
2017-06-29Microsoft Internet Explorer JSON strigify double free attempt
RuleID : 43042 - Revision : 1 - Type : BROWSER-IE
2016-03-14Microsoft Internet Explorer meta tag double free attempt
RuleID : 36605 - Revision : 2 - Type : BROWSER-IE
2016-03-14Microsoft Internet Explorer meta tag double free attempt
RuleID : 36604 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer 10 VBScript array element use after free attempt
RuleID : 35214 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer 10 VBScript array element use after free attempt
RuleID : 35213 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer CMarkup object use after free attempt
RuleID : 35212 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer CMarkup object use after free attempt
RuleID : 35211 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer CMarkup object use after free attempt
RuleID : 35210 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer CMarkup object use after free attempt
RuleID : 35209 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer JSON stringify double free attempt
RuleID : 35208 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer JSON stringify double free attempt
RuleID : 35207 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer CImgElement object use after free attempt
RuleID : 35206 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer CImgElement object use after free attempt
RuleID : 35205 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer CImgElement object use after free attempt
RuleID : 35204 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer CImgElement object use after free attempt
RuleID : 35203 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer TreeComputedContent object use after free attempt
RuleID : 35200 - Revision : 5 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer TreeComputedContent object use after free attempt
RuleID : 35199 - Revision : 3 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer CFieldSetElement object use after free attempt
RuleID : 35197 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer CFieldSetElement object use after free attempt
RuleID : 35196 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer InPrivate mode image information leak attempt
RuleID : 35195 - Revision : 2 - Type : POLICY-OTHER
2015-08-14Microsoft Internet Explorer InPrivate mode image information leak attempt
RuleID : 35194 - Revision : 2 - Type : POLICY-OTHER
2015-08-14Microsoft Internet Explorer InPrivate mode image information leak attempt
RuleID : 35193 - Revision : 2 - Type : POLICY-OTHER
2015-08-14Microsoft Internet Explorer InPrivate mode image information leak attempt
RuleID : 35192 - Revision : 2 - Type : POLICY-OTHER
2015-08-14Microsoft Internet Explorer meta tag double free attempt
RuleID : 35185 - Revision : 7 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer meta tag double free attempt
RuleID : 35184 - Revision : 7 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer table column resize use-after-free attempt
RuleID : 35183 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer table column resize use-after-free attempt
RuleID : 35182 - Revision : 2 - Type : BROWSER-IE
2015-08-14Remote non-JavaScript file found in script tag src attribute
RuleID : 35181 - Revision : 2 - Type : POLICY-OTHER
2015-08-14Remote non-JavaScript file found in script tag src attribute
RuleID : 35180 - Revision : 2 - Type : POLICY-OTHER
2015-08-14Microsoft Internet Explorer CAttribute object use after free attempt
RuleID : 35179 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer CAttribute object use after free attempt
RuleID : 35178 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer CTitleElement object use after free attempt
RuleID : 35173 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer CTitleElement object use after free attempt
RuleID : 35172 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer MutationObserver use after free attempt
RuleID : 35171 - Revision : 5 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer MutationObserver use after free attempt
RuleID : 35170 - Revision : 5 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer CTreeNode object use after free attempt
RuleID : 35165 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer CTreeNode object use after free attempt
RuleID : 35164 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer CFancyFormat object use-after-free attempt
RuleID : 35159 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer CFancyFormat object use-after-free attempt
RuleID : 35158 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer CTableSection object out of bounds memory access ...
RuleID : 35157 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer CTableSection object out of bounds memory access ...
RuleID : 35156 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer CGeneratedTreeNode use after free attempt
RuleID : 35155 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer CGeneratedTreeNode use after free attempt
RuleID : 35154 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer memory access through an uninitialized pointer at...
RuleID : 35153 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer memory access through an uninitialized pointer at...
RuleID : 35152 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer CTableSection use after free attempt
RuleID : 35146 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer CTableSection use after free attempt
RuleID : 35145 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer sandbox permission bypass registry read attempt
RuleID : 35140 - Revision : 3 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer sandbox permission bypass registry read attempt
RuleID : 35139 - Revision : 3 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer sandbox read permission bypass attempt
RuleID : 35134 - Revision : 3 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer sandbox read permission bypass attempt
RuleID : 35133 - Revision : 3 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer local file information disclosure attempt
RuleID : 35128 - Revision : 4 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer local file information disclosure attempt
RuleID : 35127 - Revision : 4 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer CInput use after free attempt
RuleID : 35126 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer CInput use after free attempt
RuleID : 35125 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer CTableRow use after free attempt
RuleID : 35124 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer CTableRow use after free attempt
RuleID : 35123 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer CTextArea use after free attempt
RuleID : 35122 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer CTextArea use after free attempt
RuleID : 35121 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer CTreeNode type confusion attempt
RuleID : 35120 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer CTreeNode type confusion attempt
RuleID : 35119 - Revision : 2 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer svg elements use after free attempt
RuleID : 35117 - Revision : 3 - Type : BROWSER-IE
2015-08-14Microsoft Internet Explorer svg elements use after free attempt
RuleID : 35116 - Revision : 3 - Type : BROWSER-IE

Nessus® Vulnerability Scanner

DateDescription
2015-07-15Name : The remote host has a web browser installed that is affected by multiple vuln...
File : smb_nt_ms15-065.nasl - Type : ACT_GATHER_INFO
2015-07-14Name : The remote Windows host is affected by a remote code execution vulnerability.
File : smb_nt_ms15-066.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
DateInformations
2015-08-14 21:23:53
  • Multiple Updates
2015-07-22 21:28:28
  • Multiple Updates
2015-07-22 21:16:26
  • Multiple Updates
2015-07-18 13:29:46
  • Multiple Updates
2015-07-15 21:27:45
  • Multiple Updates
2015-07-15 05:31:35
  • Multiple Updates
2015-07-14 21:30:39
  • Multiple Updates
2015-07-14 21:17:15
  • First insertion