CVE-2015-2425
Vexday Risk Score
63 · High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 8.8 · EPSS 44.9% · KEV: yes · PoC: — · Nuclei: — · Metasploit: — · Patch referenced
Lifecycle
14 Jul 2015: Published on NVD
25 May 2022: Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
Internet Explorer 11 can crash or run malicious code when you visit a specially crafted website. This happens because the browser doesn't properly handle memory, allowing attackers to take control of your computer.
Technical detail
CVE-2015-2425 is a heap-based buffer overflow (CWE-787) in Internet Explorer 11's memory management. Remote attackers can trigger arbitrary code execution or denial of service by hosting a malicious webpage that the victim visits; no user interaction beyond visiting the site is required, and the vulnerability affects the browser's core rendering engine.
Summary generated and translated by AI from the official description.
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2383 and CVE-2015-2384.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a