VBScript ASLR Bypass in Microsoft IE & VBScript Engine
CVE-2015-1684

Currently unrated

Key Information:

Vendor: Microsoft
Status: Vbscript
Vendor: CVE Published:; 13 May 2015

What is CVE-2015-1684?

The vulnerability exists in the VBScript.dll component of the Microsoft VBScript engine versions 5.6 through 5.8, utilized in Internet Explorer versions 8 through 11 and other Microsoft products. A remote attacker could exploit this flaw to bypass the ASLR protection mechanism by crafting a malicious website. This allows the attacker to execute arbitrary code on the affected system, potentially compromising user data and security.

References

http://www.securityfocus.com/bid/74522

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1032282

vdb-entryx_refsource_SECTRACK

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

15% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2015
Vulnerability Reserved
Feb 17, 2015