Kaspersky ID:
KLA10720
Detect Date:
12/08/2015
Updated:
09/26/2023

Description

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer & Edge. Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, inject or execute arbitrary code, gain privileges or obtain sensitive information.

Below is a complete list of vulnerabilities

  1. Improper memory objects access can be exploited remotely via a specially designed web content to execute arbitrary code;
  2. Lack of content type enforcement can be exploited remotely via a specially designed web content to gain privileges;
  3. Lack of Address Space Layout Randomization enforcement can be exploited remotely via a specially designed web content to bypass security feature;
  4. Improper HTTP responses parsing can be exploited remotely via a specially designed URL to spoof user interface;
  5. Improper permissions validation can be exploited remotely via a specially designed web content to gain privileges;
  6. Improper HTML disabling can be exploited remotely via a specially designed web content to inject arbitrary code;
  7. Improper memory handling at VBScript can be exploited remotely via a specially designed web content to obtain sensitive information or execute arbitrary code.

Technical details

There some technical notes for vulnerability (3) you can read in MS15-124 listed in original advisories section.

Original advisories

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

CVE list

  • CVE-2015-6135
    critical
  • CVE-2015-6136
    critical
  • CVE-2015-6134
    critical
  • CVE-2015-6140
    critical
  • CVE-2015-6155
    critical
  • CVE-2015-6083
    critical
  • CVE-2015-6138
    warning
  • CVE-2015-6169
    warning
  • CVE-2015-6168
    critical
  • CVE-2015-6176
    warning
  • CVE-2015-6170
    high
  • CVE-2015-6153
    critical
  • CVE-2015-6152
    critical
  • CVE-2015-6151
    critical
  • CVE-2015-6150
    critical
  • CVE-2015-6149
    critical
  • CVE-2015-6148
    critical
  • CVE-2015-6147
    critical
  • CVE-2015-6146
    critical
  • CVE-2015-6145
    critical
  • CVE-2015-6144
    warning
  • CVE-2015-6142
    critical
  • CVE-2015-6143
    critical
  • CVE-2015-6162
    critical
  • CVE-2015-6164
    high
  • CVE-2015-6160
    critical
  • CVE-2015-6161
    warning
  • CVE-2015-6154
    critical
  • CVE-2015-6141
    critical
  • CVE-2015-6156
    critical
  • CVE-2015-6157
    warning
  • CVE-2015-6158
    critical
  • CVE-2015-6159
    critical
  • CVE-2015-6139
    critical

KB list

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!
Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Confirm changes?
Your message has been sent successfully.