SB2015031001 - Multiple vulnerabilities in Microsoft Internet Explorer

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2015031001

SB2015031001 - Multiple vulnerabilities in Microsoft Internet Explorer

Published: March 10, 2015 Updated: February 2, 2017

Security Bulletin ID SB2015031001
Severity
High
Patch available
YES
Number of vulnerabilities 10
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 10 secuirty vulnerabilities.


1) Memory corruption (CVE-ID: CVE-2015-1634)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, cause memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of this vulnerability results in arbitrary code execution on the vulnerable system.




2) Privilege escalation (CVE-ID: CVE-2015-1627)

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to improper validation of permissions. A remote attacker can create a specially crafted Web site, trick the victim into visiting it and gain elevated privileges.

Successful exploitation of this vulnerability results in privilege escalation on the vulnerable system.




3) Memory corruption (CVE-ID: CVE-2015-1626)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, cause memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of this vulnerability results in arbitrary code execution on the vulnerable system.




4) Memory corruption (CVE-ID: CVE-2015-1625)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, cause memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of this vulnerability results in arbitrary code execution on the vulnerable system.




5) Memory corruption (CVE-ID: CVE-2015-1624)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, cause memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of this vulnerability results in arbitrary code execution on the vulnerable system.




6) Memory corruption (CVE-ID: CVE-2015-1623)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, cause memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of this vulnerability results in arbitrary code execution on the vulnerable system.




7) Memory corruption (CVE-ID: CVE-2015-1622)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, cause memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of this vulnerability results in arbitrary code execution on the vulnerable system.




8) Memory corruption (CVE-ID: CVE-2015-0100)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, cause memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of this vulnerability results in arbitrary code execution on the vulnerable system.




9) Memory corruption (CVE-ID: CVE-2015-0056)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, cause memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of this vulnerability results in arbitrary code execution on the vulnerable system.




10) Memory corruption (CVE-ID: CVE-2015-0032)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error in VBScript engine. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, cause memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of this vulnerability results in arbitrary code execution on the vulnerable system.




Remediation

Install update from vendor's website.

References