Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Security Update for Internet Explorer (3076321)
Informations
Name MS15-065 First vendor Publication 2015-07-14
Vendor Microsoft Last vendor Modification 2015-07-22
Severity (Vendor) Critical Revision 1.1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Severity Rating: Critical
Revision Note: V1.1 (July 22, 2015): Corrected the affected software entries for CVE-2015-1733 in the Severity Ratings and Vulnerability Identifiers table. This is an informational change only. Customers who have already successfully installed the update do not have to take any action.
Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Original Source

Url : https://technet.microsoft.com/en-us/library/security/MS15-065

CWE : Common Weakness Enumeration

% Id Name
70 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
20 % CWE-200 Information Exposure
3 % CWE-264 Permissions, Privileges, and Access Controls
3 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
3 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:28529
 
Oval ID: oval:org.mitre.oval:def:28529
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2401 (MS15-065)
Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1767 and CVE-2015-2408.
Family: windows Class: vulnerability
Reference(s): CVE-2015-2401
 Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28614
 
Oval ID: oval:org.mitre.oval:def:28614
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2384 (MS15-065)
Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2383 and CVE-2015-2425.
Family: windows Class: vulnerability
Reference(s): CVE-2015-2384
 Version: 3
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28804
 
Oval ID: oval:org.mitre.oval:def:28804
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2390 (MS15-065)
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2397, CVE-2015-2404, CVE-2015-2406, and CVE-2015-2422.
Family: windows Class: vulnerability
Reference(s): CVE-2015-2390
 Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28818
 
Oval ID: oval:org.mitre.oval:def:28818
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1733 (MS15-065)
Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2389 and CVE-2015-2411.
Family: windows Class: vulnerability
Reference(s): CVE-2015-1733
 Version: 3
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28834
 
Oval ID: oval:org.mitre.oval:def:28834
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2406 (MS15-065)
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2397, CVE-2015-2404, and CVE-2015-2422.
Family: windows Class: vulnerability
Reference(s): CVE-2015-2406
 Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28938
 
Oval ID: oval:org.mitre.oval:def:28938
Title: VBScript Memory corruption vulnerability - CVE-2015-2372 (MS15-065 and MS15-066)
Description: vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-2372
 Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Microsoft VBScript 5.6
Microsoft VBScript 5.7
Microsoft VBScript 5.8
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29010
 
Oval ID: oval:org.mitre.oval:def:29010
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2403 (MS15-065)
Description: Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-2403
 Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
 Product(s): Microsoft Internet Explorer 8
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29015
 
Oval ID: oval:org.mitre.oval:def:29015
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1767 (MS15-065)
Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2401 and CVE-2015-2408.
Family: windows Class: vulnerability
Reference(s): CVE-2015-1767
 Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29075
 
Oval ID: oval:org.mitre.oval:def:29075
Title: Internet Explorer XSS filter bypass vulnerability - CVE-2015-2398 (MS15-065)
Description: Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-2398
 Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29087
 
Oval ID: oval:org.mitre.oval:def:29087
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2410 (MS15-065)
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to determine the existence of local files via a crafted stylesheet, aka "Internet Explorer Information Disclosure Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-2410
 Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29159
 
Oval ID: oval:org.mitre.oval:def:29159
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2412 (MS15-065)
Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to read arbitrary local files via a crafted pathname, aka "Internet Explorer Information Disclosure Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-2412
 Version: 3
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29164
 
Oval ID: oval:org.mitre.oval:def:29164
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2383 (MS15-065)
Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2384 and CVE-2015-2425.
Family: windows Class: vulnerability
Reference(s): CVE-2015-2383
 Version: 3
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29219
 
Oval ID: oval:org.mitre.oval:def:29219
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2411 (MS15-065)
Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1733 and CVE-2015-2389.
Family: windows Class: vulnerability
Reference(s): CVE-2015-2411
 Version: 3
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29247
 
Oval ID: oval:org.mitre.oval:def:29247
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2391 (MS15-065)
Description: Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-2391
 Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
 Product(s): Microsoft Internet Explorer 9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29278
 
Oval ID: oval:org.mitre.oval:def:29278
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2385 (MS15-065)
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2390, CVE-2015-2397, CVE-2015-2404, CVE-2015-2406, and CVE-2015-2422.
Family: windows Class: vulnerability
Reference(s): CVE-2015-2385
 Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29292
 
Oval ID: oval:org.mitre.oval:def:29292
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2408 (MS15-065)
Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1767 and CVE-2015-2401.
Family: windows Class: vulnerability
Reference(s): CVE-2015-2408
 Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29295
 
Oval ID: oval:org.mitre.oval:def:29295
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1729 (MS15-065)
Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-1729
 Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29296
 
Oval ID: oval:org.mitre.oval:def:29296
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2425 (MS15-065)
Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2383 and CVE-2015-2384.
Family: windows Class: vulnerability
Reference(s): CVE-2015-2425
 Version: 3
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29316
 
Oval ID: oval:org.mitre.oval:def:29316
Title: Jscript9 Memory corruption vulnerability - CVE-2015-2419 (MS15-065)
Description: JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "JScript9 Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-2419
 Version: 3
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29324
 
Oval ID: oval:org.mitre.oval:def:29324
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2397 (MS15-065)
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2404, CVE-2015-2406, and CVE-2015-2422.
Family: windows Class: vulnerability
Reference(s): CVE-2015-2397
 Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29355
 
Oval ID: oval:org.mitre.oval:def:29355
Title: Internet Explorer ASLR bypass vulnerability - CVE-2015-2421 (MS15-065)
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass."
Family: windows Class: vulnerability
Reference(s): CVE-2015-2421
 Version: 4
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29357
 
Oval ID: oval:org.mitre.oval:def:29357
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2404 (MS15-065)
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2397, CVE-2015-2406, and CVE-2015-2422.
Family: windows Class: vulnerability
Reference(s): CVE-2015-2404
 Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29360
 
Oval ID: oval:org.mitre.oval:def:29360
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2422 (MS15-065)
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2397, CVE-2015-2404, and CVE-2015-2406.
Family: windows Class: vulnerability
Reference(s): CVE-2015-2422
 Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29395
 
Oval ID: oval:org.mitre.oval:def:29395
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2389 (MS15-065)
Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1733 and CVE-2015-2411.
Family: windows Class: vulnerability
Reference(s): CVE-2015-2389
 Version: 3
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29414
 
Oval ID: oval:org.mitre.oval:def:29414
Title: Internet Explorer memory corruption vulnerability - CVE-2015-1738 (MS15-065)
Description: Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2388.
Family: windows Class: vulnerability
Reference(s): CVE-2015-1738
 Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
 Product(s): Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29422
 
Oval ID: oval:org.mitre.oval:def:29422
Title: Internet Explorer information disclosure vulnerability - CVE-2015-2413 (MS15-065)
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to determine the existence of local files via a crafted module-resource request, aka "Internet Explorer Information Disclosure Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-2413
 Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29454
 
Oval ID: oval:org.mitre.oval:def:29454
Title: Internet Explorer elevation of privilege vulnerability - CVE-2015-2402 (MS15-065)
Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-2402
 Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29470
 
Oval ID: oval:org.mitre.oval:def:29470
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2414 (MS15-065)
Description: Microsoft Internet Explorer 8 through 11 allows remote attackers to obtain sensitive browsing-history information via vectors related to image caching, aka "Internet Explorer Information Disclosure Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2015-2414
 Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29487
 
Oval ID: oval:org.mitre.oval:def:29487
Title: Internet Explorer memory corruption vulnerability - CVE-2015-2388 (MS15-065)
Description: Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1738.
Family: windows Class: vulnerability
Reference(s): CVE-2015-2388
 Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
 Product(s): Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 6
Application 3

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-07-16 IAVM : 2015-A-0166 - Microsoft VBScript Memory Corruption Vulnerability (MS15-066)
Severity : Category II - VMSKEY : V0061127

Snort® IPS/IDS

Date Description
2017-06-29 Microsoft Internet Explorer JSON strigify double free attempt
RuleID : 43043 - Revision : 1 - Type : BROWSER-IE
2017-06-29 Microsoft Internet Explorer JSON strigify double free attempt
RuleID : 43042 - Revision : 1 - Type : BROWSER-IE
2016-03-14 Microsoft Internet Explorer meta tag double free attempt
RuleID : 36605 - Revision : 2 - Type : BROWSER-IE
2016-03-14 Microsoft Internet Explorer meta tag double free attempt
RuleID : 36604 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer 10 VBScript array element use after free attempt
RuleID : 35214 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer 10 VBScript array element use after free attempt
RuleID : 35213 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer CMarkup object use after free attempt
RuleID : 35212 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer CMarkup object use after free attempt
RuleID : 35211 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer CMarkup object use after free attempt
RuleID : 35210 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer CMarkup object use after free attempt
RuleID : 35209 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer JSON stringify double free attempt
RuleID : 35208 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer JSON stringify double free attempt
RuleID : 35207 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer CImgElement object use after free attempt
RuleID : 35206 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer CImgElement object use after free attempt
RuleID : 35205 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer CImgElement object use after free attempt
RuleID : 35204 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer CImgElement object use after free attempt
RuleID : 35203 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer TreeComputedContent object use after free attempt
RuleID : 35200 - Revision : 5 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer TreeComputedContent object use after free attempt
RuleID : 35199 - Revision : 3 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer CFieldSetElement object use after free attempt
RuleID : 35197 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer CFieldSetElement object use after free attempt
RuleID : 35196 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer InPrivate mode image information leak attempt
RuleID : 35195 - Revision : 2 - Type : POLICY-OTHER
2015-08-14 Microsoft Internet Explorer InPrivate mode image information leak attempt
RuleID : 35194 - Revision : 2 - Type : POLICY-OTHER
2015-08-14 Microsoft Internet Explorer InPrivate mode image information leak attempt
RuleID : 35193 - Revision : 2 - Type : POLICY-OTHER
2015-08-14 Microsoft Internet Explorer InPrivate mode image information leak attempt
RuleID : 35192 - Revision : 2 - Type : POLICY-OTHER
2015-08-14 Microsoft Internet Explorer meta tag double free attempt
RuleID : 35185 - Revision : 7 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer meta tag double free attempt
RuleID : 35184 - Revision : 7 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer table column resize use-after-free attempt
RuleID : 35183 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer table column resize use-after-free attempt
RuleID : 35182 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Remote non-JavaScript file found in script tag src attribute
RuleID : 35181 - Revision : 2 - Type : POLICY-OTHER
2015-08-14 Remote non-JavaScript file found in script tag src attribute
RuleID : 35180 - Revision : 2 - Type : POLICY-OTHER
2015-08-14 Microsoft Internet Explorer CAttribute object use after free attempt
RuleID : 35179 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer CAttribute object use after free attempt
RuleID : 35178 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer CTitleElement object use after free attempt
RuleID : 35173 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer CTitleElement object use after free attempt
RuleID : 35172 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer MutationObserver use after free attempt
RuleID : 35171 - Revision : 5 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer MutationObserver use after free attempt
RuleID : 35170 - Revision : 5 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer CTreeNode object use after free attempt
RuleID : 35165 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer CTreeNode object use after free attempt
RuleID : 35164 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer CFancyFormat object use-after-free attempt
RuleID : 35159 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer CFancyFormat object use-after-free attempt
RuleID : 35158 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer CTableSection object out of bounds memory access ...
RuleID : 35157 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer CTableSection object out of bounds memory access ...
RuleID : 35156 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer CGeneratedTreeNode use after free attempt
RuleID : 35155 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer CGeneratedTreeNode use after free attempt
RuleID : 35154 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer memory access through an uninitialized pointer at...
RuleID : 35153 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer memory access through an uninitialized pointer at...
RuleID : 35152 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer CTableSection use after free attempt
RuleID : 35146 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer CTableSection use after free attempt
RuleID : 35145 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer sandbox permission bypass registry read attempt
RuleID : 35140 - Revision : 3 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer sandbox permission bypass registry read attempt
RuleID : 35139 - Revision : 3 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer sandbox read permission bypass attempt
RuleID : 35134 - Revision : 3 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer sandbox read permission bypass attempt
RuleID : 35133 - Revision : 3 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer local file information disclosure attempt
RuleID : 35128 - Revision : 4 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer local file information disclosure attempt
RuleID : 35127 - Revision : 4 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer CInput use after free attempt
RuleID : 35126 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer CInput use after free attempt
RuleID : 35125 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer CTableRow use after free attempt
RuleID : 35124 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer CTableRow use after free attempt
RuleID : 35123 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer CTextArea use after free attempt
RuleID : 35122 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer CTextArea use after free attempt
RuleID : 35121 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer CTreeNode type confusion attempt
RuleID : 35120 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer CTreeNode type confusion attempt
RuleID : 35119 - Revision : 2 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer svg elements use after free attempt
RuleID : 35117 - Revision : 3 - Type : BROWSER-IE
2015-08-14 Microsoft Internet Explorer svg elements use after free attempt
RuleID : 35116 - Revision : 3 - Type : BROWSER-IE

Nessus® Vulnerability Scanner

Date Description
2015-07-15 Name : The remote host has a web browser installed that is affected by multiple vuln...
File : smb_nt_ms15-065.nasl - Type : ACT_GATHER_INFO
2015-07-14 Name : The remote Windows host is affected by a remote code execution vulnerability.
File : smb_nt_ms15-066.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
Date Informations
2015-08-14 21:23:53
  • Multiple Updates
2015-07-22 21:28:28
  • Multiple Updates
2015-07-22 21:16:26
  • Multiple Updates
2015-07-18 13:29:46
  • Multiple Updates
2015-07-15 21:27:45
  • Multiple Updates
2015-07-15 05:31:35
  • Multiple Updates
2015-07-14 21:30:39
  • Multiple Updates
2015-07-14 21:17:15
  • First insertion