CVE-2015-1686

Loading...

General

Score:4.3/10.0
Severity:Low
Category:Information Leak / Disclosure

Impact Metrics

Confidentiality:Partial
Integrity:None
Availability:None

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Relative vulnerabilities

CVE-2015-1658, CVE-2015-1684, CVE-2015-1685, CVE-2015-1688, CVE-2015-1689, CVE-2015-1691, CVE-2015-1692, CVE-2015-1694, CVE-2015-1703, CVE-2015-1704, CVE-2015-1705, CVE-2015-1706, CVE-2015-1708, CVE-2015-1709, CVE-2015-1710, CVE-2015-1711, CVE-2015-1712, CVE-2015-1713, CVE-2015-1714, CVE-2015-1717, CVE-2015-1718

Published on 13/05/15 - Updated on 03/01/17

Description

The Microsoft (1) VBScript 5.6 through 5.8 and (2) JScript 5.6 through 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript and JScript ASLR Bypass."

Category: Information Leak / Disclosure

CWE-200 (Information Exposure)
An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.

Security Notices

US National Vulnerability DatabaseCVE-2015-1686
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2015-AVI-208, CERTFR-2015-AVI-218
Microsoft MS15-043, MS15-053
Renater 2015/VULN069, 2015/VULN079

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
microsoftinternet_explorer
microsoftvbscript

Share this vulnerability with:

Twitter Facebook LinkedIn Mail