CVE-2015-6042 - Use-after-free vulnerability in the CWindow object implementation in Microsoft Internet Explorer 11

CVE-2015-6042

Summary

Use-after-free vulnerability in the CWindow object implementation in Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

References

Vulnerable Configurations

cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 13-02-2023 - 18:58)
Impact:
Exploitability:

CWE

CWE-416

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

msbulletin via4

bulletin_id	MS15-106
bulletin_url
date	2015-10-13T00:00:00
impact	Remote Code Execution
knowledgebase_id	3096441
knowledgebase_url
severity	Critical
title	Cumulative Security Update for Internet Explorer

refmap via4

misc	http://www.zerodayinitiative.com/advisories/ZDI-15-520
sectrack	1033800

Last major update

13-02-2023 - 18:58

Published

14-10-2015 - 01:59

Last modified

13-02-2023 - 18:58