ID CVE-2015-2442 Type cve Reporter NVD Modified 2018-10-12T18:09:33
Description
Microsoft Internet Explorer 8 through 11 and Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2444.
{"symantec": [{"lastseen": "2018-03-12T04:24:46", "bulletinFamily": "software", "description": "### Description\n\nMicrosoft Internet Explorer and Edge are prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. The following products are vulnerable: Internet Explorer 8, 9, 10 and 11 Edge\n\n### Technologies Affected\n\n * Microsoft Edge \n * Microsoft Internet Explorer 10 \n * Microsoft Internet Explorer 11 \n * Microsoft Internet Explorer 8 \n * Microsoft Internet Explorer 9 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2015-08-11T00:00:00", "published": "2015-08-11T00:00:00", "id": "SMNTC-76196", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/76196", "type": "symantec", "title": "Microsoft Internet Explorer and Edge CVE-2015-2442 Remote Memory Corruption Vulnerability", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:22:12", "bulletinFamily": "scanner", "description": "The version of Microsoft Edge installed on the remote host is missing\nCumulative Security Update 3081436. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - Multiple memory corruption issues exist due to improper\n access to objects in memory resulting from insufficient\n validation of user-supplied input. A remote attacker,\n using a specially crafted website, can exploit these\n issues to execute arbitrary code in the context of the\n current user. (CVE-2015-2441, CVE-2015-2442,\n CVE-2015-2446)\n\n - A security feature bypass vulnerability exists due to\n a failure to use Address Space Layout Randomization\n (ASLR). An attacker can exploit this to predict memory\n offsets in a call stack. (CVE-2015-2449)", "modified": "2018-11-15T00:00:00", "published": "2015-08-11T00:00:00", "id": "SMB_NT_MS15-091.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85324", "title": "MS15-091: Cumulative Security Update for Microsoft Edge (3084525)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85324);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/15 20:50:31\");\n\n script_cve_id(\n \"CVE-2015-2441\",\n \"CVE-2015-2442\",\n \"CVE-2015-2446\",\n \"CVE-2015-2449\"\n );\n script_bugtraq_id(\n 76193,\n 76196,\n 76197,\n 76199\n );\n script_xref(name:\"MSFT\", value:\"MS15-091\");\n script_xref(name:\"MSKB\", value:\"3081436\");\n\n script_name(english:\"MS15-091: Cumulative Security Update for Microsoft Edge (3084525)\");\n script_summary(english:\"Checks the file version of edgehtml.dll.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a web browser installed that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote host is missing\nCumulative Security Update 3081436. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - Multiple memory corruption issues exist due to improper\n access to objects in memory resulting from insufficient\n validation of user-supplied input. A remote attacker,\n using a specially crafted website, can exploit these\n issues to execute arbitrary code in the context of the\n current user. (CVE-2015-2441, CVE-2015-2442,\n CVE-2015-2446)\n\n - A security feature bypass vulnerability exists due to\n a failure to use Address Space Layout Randomization\n (ASLR). An attacker can exploit this to predict memory\n offsets in a call stack. (CVE-2015-2449)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-091\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 10.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_reg_query.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS15-091';\nkb = '3081436'; # Cumulative update for Windows 10: August 11, 2015\n\nkbs = make_list(kb);\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\n# Server core is not affected\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(exit_on_fail:TRUE, as_share:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 10\n hotfix_is_vulnerable(os:\"10\", sp:0, file:\"edgehtml.dll\", version:\"11.0.10240.16428\", dir:\"\\system32\", bulletin:bulletin, kb:kb)\n)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:22:12", "bulletinFamily": "scanner", "description": "The version of Internet Explorer installed on the remote host is\nmissing Cumulative Security Update 3082442. It is, therefore, affected\nby multiple vulnerabilities, the majority of which are remote code\nexecution vulnerabilities. An attacker can exploit these\nvulnerabilities by convincing a user to visit a specially crafted\nwebsite.\n\nNote that the majority of the vulnerabilities addressed by Cumulative\nSecurity Update 3082442 are mitigated by the Enhanced Security\nConfiguration (ESC) mode which is enabled by default on Windows Server\n2003, 2008, 2008 R2, 2012, and 2012 R2.", "modified": "2018-11-15T00:00:00", "published": "2015-08-11T00:00:00", "id": "SMB_NT_MS15-079.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85333", "title": "MS15-079: Cumulative Security Update for Internet Explorer (3082442)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85333);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/15 20:50:31\");\n\n script_cve_id(\n \"CVE-2015-2423\",\n \"CVE-2015-2441\",\n \"CVE-2015-2442\",\n \"CVE-2015-2443\",\n \"CVE-2015-2444\",\n \"CVE-2015-2445\",\n \"CVE-2015-2446\",\n \"CVE-2015-2447\",\n \"CVE-2015-2448\",\n \"CVE-2015-2449\",\n \"CVE-2015-2450\",\n \"CVE-2015-2451\",\n \"CVE-2015-2452\"\n );\n script_bugtraq_id(\n 76188,\n 76189,\n 76190,\n 76191,\n 76192,\n 76193,\n 76194,\n 76195,\n 76196,\n 76197,\n 76198,\n 76199,\n 76202\n );\n script_xref(name:\"MSFT\", value:\"MS15-079\");\n script_xref(name:\"MSKB\", value:\"3081436\");\n script_xref(name:\"MSKB\", value:\"3078071\");\n script_xref(name:\"IAVA\", value:\"2015-A-0188\");\n\n script_name(english:\"MS15-079: Cumulative Security Update for Internet Explorer (3082442)\");\n script_summary(english:\"Checks the version of mshtml.dll.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a web browser installed that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Internet Explorer installed on the remote host is\nmissing Cumulative Security Update 3082442. It is, therefore, affected\nby multiple vulnerabilities, the majority of which are remote code\nexecution vulnerabilities. An attacker can exploit these\nvulnerabilities by convincing a user to visit a specially crafted\nwebsite.\n\nNote that the majority of the vulnerabilities addressed by Cumulative\nSecurity Update 3082442 are mitigated by the Enhanced Security\nConfiguration (ESC) mode which is enabled by default on Windows Server\n2003, 2008, 2008 R2, 2012, and 2012 R2.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-079\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Internet Explorer 7, 8, 9,\n10, and 11.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:ie\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS15-079';\nkbs = make_list('3081436', '3078071');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 10\n hotfix_is_vulnerable(os:\"10\", sp:0, file:\"mshtml.dll\", version:\"11.0.10240.16425\", min_version:\"11.0.10240.16000\", dir:\"\\system32\", bulletin:bulletin, kb:3081436) ||\n\n # Windows 8.1 / Windows Server 2012 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.3\", sp:0, file:\"mshtml.dll\", version:\"11.0.9600.17937\", min_version:\"11.0.9600.17000\", dir:\"\\system32\", bulletin:bulletin, kb:3078071) ||\n\n # Windows 8 / Windows Server 2012\n # Internet Explorer 10\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"mshtml.dll\", version:\"10.0.9200.21562\", min_version:\"10.0.9200.21000\", dir:\"\\system32\", bulletin:bulletin, kb:3078071) ||\n hotfix_is_vulnerable(os:\"6.2\", sp:0, file:\"mshtml.dll\", version:\"10.0.9200.17451\", min_version:\"10.0.9200.16000\", dir:\"\\system32\", bulletin:bulletin, kb:3078071) ||\n\n # Windows 7 / Server 2008 R2\n # Internet Explorer 10\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"10.0.9200.21571\", min_version:\"10.0.9200.21000\", dir:\"\\system32\", bulletin:bulletin, kb:3078071) ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"10.0.9200.17457\", min_version:\"10.0.9200.16000\", dir:\"\\system32\", bulletin:bulletin, kb:3078071) ||\n # Internet Explorer 11\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"11.0.9600.17937\", min_version:\"11.0.9600.17000\", dir:\"\\system32\", bulletin:bulletin, kb:3078071) ||\n # Internet Explorer 8\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"8.0.7601.23137\", min_version:\"8.0.7601.22000\", dir:\"\\system32\", bulletin:bulletin, kb:3078071) ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"8.0.7601.18934\", min_version:\"8.0.7601.17000\", dir:\"\\system32\", bulletin:bulletin, kb:3078071) ||\n # Internet Explorer 9\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"9.0.8112.20799\", min_version:\"9.0.8112.20000\", dir:\"\\system32\", bulletin:bulletin, kb:3078071) ||\n hotfix_is_vulnerable(os:\"6.1\", sp:1, file:\"mshtml.dll\", version:\"9.0.8112.16684\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:3078071) ||\n\n # Vista / Windows Server 2008\n # Internet Explorer 7\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"7.0.6002.23760\", min_version:\"7.0.6002.23000\", dir:\"\\system32\", bulletin:bulletin, kb:3078071) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"7.0.6002.19452\", min_version:\"7.0.6002.18000\", dir:\"\\system32\", bulletin:bulletin, kb:3078071) ||\n # Internet Explorer 8\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"8.0.6001.23724\", min_version:\"8.0.6001.23000\", dir:\"\\system32\", bulletin:bulletin, kb:3078071) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"8.0.6001.19665\", min_version:\"8.0.6001.18000\", dir:\"\\system32\", bulletin:bulletin, kb:3078071) ||\n # Internet Explorer 9\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"9.0.8112.20799\", min_version:\"9.0.8112.20000\", dir:\"\\system32\", bulletin:bulletin, kb:3078071) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"mshtml.dll\", version:\"9.0.8112.16684\", min_version:\"9.0.8112.16000\", dir:\"\\system32\", bulletin:bulletin, kb:3078071)\n)\n{\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-12-13T17:46:29", "bulletinFamily": "scanner", "description": "This host is missing a critical security\n update according to Microsoft Bulletin MS15-091.", "modified": "2018-12-12T00:00:00", "published": "2016-01-08T00:00:00", "id": "OPENVAS:1361412562310807026", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807026", "title": "Microsoft Edge Multiple Vulnerabilities (3084525)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ms15-091.nasl 12770 2018-12-12 10:35:08Z cfischer $\n#\n# Microsoft Edge Multiple Vulnerabilities (3084525)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807026\");\n script_version(\"$Revision: 12770 $\");\n script_cve_id(\"CVE-2015-2441\", \"CVE-2015-2442\", \"CVE-2015-2446\", \"CVE-2015-2449\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-12 11:35:08 +0100 (Wed, 12 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-08 16:38:38 +0530 (Fri, 08 Jan 2016)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft Edge Multiple Vulnerabilities (3084525)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft Bulletin MS15-091.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Multiple improper memory object handling errors.\n\n - Microsoft Edge fails to use the Address Space Layout Randomization (ASLR)\n security feature.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code or cause a denial of service, bypass the\n Address Space Layout Randomization (ASLR) security feature, which helps\n protect users from a broad class of vulnerabilities.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Edge on Windows 10 x32/x64\");\n\n script_tag(name:\"solution\", value:\"Run Windows Update and update the listed\n hotfixes or download and update mentioned hotfixes in the advisory from the\n references.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/kb/3081436\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/library/security/MS15-091\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_microsoft_edge_detect.nasl\", \"gb_smb_lsc_fetch_file_ver.nasl\");\n script_mandatory_keys(\"MS/Edge/Installed\", \"SMB/lsc_file_version_cache/edgehtml.dll/available\");\n\n exit(0);\n}\n\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0)\n exit(0);\n\ninfos = smb_get_fileversion_from_cache(file_name:\"edgehtml.dll\");\nif(!infos)\n exit(0);\n\ndllVer = infos[\"version\"];\ndllPath = infos[\"path\"];\n\nif(hotfix_check_sp(win10:1, win10x64:1) > 0){\n if(version_is_less(version:dllVer, test_version:\"11.0.10240.16428\")) {\n Vulnerable_range = \"Less than 11.0.10240.16428\";\n VULN = TRUE ;\n }\n}\n\nif(VULN){\n report = report_fixed_ver(file_checked:dllPath, file_version:dllVer, vulnerable_range:Vulnerable_range);\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-22T16:38:48", "bulletinFamily": "scanner", "description": "This host is missing a critical security\n update according to Microsoft Bulletin MS15-079.", "modified": "2018-10-12T00:00:00", "published": "2015-08-12T00:00:00", "id": "OPENVAS:1361412562310805731", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805731", "title": "Microsoft Internet Explorer Multiple Vulnerabilities (3082442)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ms15-079.nasl 11876 2018-10-12 12:20:01Z cfischer $\n#\n# Microsoft Internet Explorer Multiple Vulnerabilities (3082442)\n#\n# Authors:\n# Deependra Bapna <bdeependra@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:microsoft:ie\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805731\");\n script_version(\"$Revision: 11876 $\");\n script_cve_id(\"CVE-2015-2423\", \"CVE-2015-2441\", \"CVE-2015-2442\", \"CVE-2015-2443\",\n \"CVE-2015-2444\", \"CVE-2015-2445\", \"CVE-2015-2446\", \"CVE-2015-2447\",\n \"CVE-2015-2448\", \"CVE-2015-2449\", \"CVE-2015-2450\", \"CVE-2015-2451\",\n \"CVE-2015-2452\");\n script_bugtraq_id(76202, 76197, 76196, 76195, 76194, 76198, 76193, 76192, 76191,\n 76199, 76190, 76189, 76188);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 14:20:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-12 09:06:10 +0530 (Wed, 12 Aug 2015)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft Internet Explorer Multiple Vulnerabilities (3082442)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft Bulletin MS15-079.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Multiple improper handling memory objects,\n\n - Fails to use ASLR security feature, allowing an attacker to more reliably predict\n the memory offsets of specific instructions.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to corrupt memory and potentially execute arbitrary code in the\n context of the current user.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Internet Explorer version\n 7.x/8.x/9.x/10.x/11.x\");\n\n script_tag(name:\"solution\", value:\"Run Windows Update and update the listed\n hotfixes or download and update mentioned hotfixes in the advisory from the\n link, https://technet.microsoft.com/en-us/library/security/MS15-079\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/kb/3082442\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/en-us/library/security/MS15-079\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_ms_ie_detect.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"MS/IE/Version\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(winVista:3, win7:2, win7x64:2, win2008:3, win2008r2:2,\n win8:1, win8x64:1, win2012:1, win2012R2:1, win8_1:1, win8_1x64:1, win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nieVer = get_app_version(cpe:CPE);\nif(!ieVer || !(ieVer =~ \"^(7|8|9|10|11)\")){\n exit(0);\n}\nsysPath = smb_get_systemroot();\nif(!sysPath ){\n exit(0);\n}\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"system32\\Mshtml.dll\");\nif(!dllVer){\n exit(0);\n}\n\nif(hotfix_check_sp(winVista:3, win2008:3) > 0)\n{\n if(version_in_range(version:dllVer, test_version:\"7.0.6002.18000\", test_version2:\"7.0.6002.19451\")||\n version_in_range(version:dllVer, test_version:\"7.0.6002.23000\", test_version2:\"7.0.6002.23759\")||\n version_in_range(version:dllVer, test_version:\"8.0.6001.18000\", test_version2:\"8.0.6001.19664\")||\n version_in_range(version:dllVer, test_version:\"8.0.6001.20000\", test_version2:\"8.0.6001.23723\")||\n version_in_range(version:dllVer, test_version:\"9.0.8112.16000\", test_version2:\"9.0.8112.16683\")||\n version_in_range(version:dllVer, test_version:\"9.0.8112.20000\", test_version2:\"9.0.8112.20798\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n\nelse if(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) > 0)\n{\n if(version_in_range(version:dllVer, test_version:\"8.0.7601.17000\", test_version2:\"8.0.7601.18933\")||\n version_in_range(version:dllVer, test_version:\"8.0.7601.22000\", test_version2:\"8.0.7601.23136\")||\n version_in_range(version:dllVer, test_version:\"9.0.8112.16000\", test_version2:\"9.0.8112.16683\")||\n version_in_range(version:dllVer, test_version:\"9.0.8112.20000\", test_version2:\"9.0.8112.20798\")||\n version_in_range(version:dllVer, test_version:\"10.0.9200.16000\", test_version2:\"10.0.9200.17456\")||\n version_in_range(version:dllVer, test_version:\"10.0.9200.21000\", test_version2:\"10.0.9200.21570\")||\n version_in_range(version:dllVer, test_version:\"11.0.9600.00000\", test_version2:\"11.0.9600.17936\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n\nelse if(hotfix_check_sp(win8:1, win2012:1) > 0)\n{\n if(version_in_range(version:dllVer, test_version:\"10.0.9200.16000\", test_version2:\"10.0.9200.17450\")||\n version_in_range(version:dllVer, test_version:\"10.0.9200.20000\", test_version2:\"10.0.9200.21561\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n\nelse if(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) > 0)\n{\n if(version_is_less(version:dllVer, test_version:\"11.0.9600.17937\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n\nelse if(hotfix_check_sp(win10:1, win10x64:1) > 0)\n{\n if(version_is_less(version:dllVer, test_version:\"11.0.10240.16425\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n}\n\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2019-02-13T16:36:17", "bulletinFamily": "info", "description": "### *Detect date*:\n08/11/2015\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft Internet Explorer. Malicious users can exploit these vulnerabilities to Bypass security restrictions, execute arbitrary code or obtain sensitive information.\n\n### *Affected products*:\nMicrosoft Internet Explorer versions from 7 through 11\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2015-2423](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2423>) \n[CVE-2015-2449](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2449>) \n[CVE-2015-2441](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2441>) \n[CVE-2015-2446](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2446>) \n[CVE-2015-2442](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2442>) \n[CVE-2015-2448](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2448>) \n[CVE-2015-2447](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2447>) \n[CVE-2015-2444](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2444>) \n[CVE-2015-2443](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2443>) \n[CVE-2015-2450](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2450>) \n[CVE-2015-2445](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2445>) \n[CVE-2015-2452](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2452>) \n[CVE-2015-2451](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2451>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2015-2423](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2423>) \n[CVE-2015-2449](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2449>) \n[CVE-2015-2441](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2441>) \n[CVE-2015-2446](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2446>) \n[CVE-2015-2442](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2442>) \n[CVE-2015-2448](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2448>) \n[CVE-2015-2447](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2447>) \n[CVE-2015-2444](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2444>) \n[CVE-2015-2443](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2443>) \n[CVE-2015-2450](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2450>) \n[CVE-2015-2445](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2445>) \n[CVE-2015-2452](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2452>) \n[CVE-2015-2451](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2451>)\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[3081436](<http://support.microsoft.com/kb/3081436>) \n[3078071](<http://support.microsoft.com/kb/3078071>) \n[3082442](<http://support.microsoft.com/kb/3082442>)", "modified": "2019-02-06T00:00:00", "published": "2015-08-11T00:00:00", "id": "KLA10648", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10648", "title": "\r KLA10648Multiple vulnerabilities in Internet Explorer ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-13T16:36:13", "bulletinFamily": "info", "description": "### *Detect date*:\n08/11/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, execute arbitrary code or obtain sensitive information.\n\n### *Affected products*:\nWindows Vista Service Pack 2 \nWindows Server 2008 Service Pack 2 \nWindows 7 Service Pack 1 \nWindows Server 2008 R2 \nWindows 8 \nWindows 8.1 \nWindows Server 2012 \nWindows Server 2012 R2 \nWindows RT \nWindows RT 8.1 \nWindows 10 \n.NET framework versions 3.0 SP2, 4, 4.5, 4.5.1, 4.5.2, 4.6 \nOffice 2007 Service Pack 3 \nOffice 2010 Service Pack 2 \nLive Meeting 2007 Console \nLync 2010 \nLync 2013 Service Pack 1 \nSilverlight 5 \nBizTalk Server 2010, 2013, 2013 R2\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2015-2423](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2423>) \n[CVE-2015-2431](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2431>) \n[CVE-2015-2430](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2430>) \n[CVE-2015-2456](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2456>) \n[CVE-2015-2458](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2458>) \n[CVE-2015-2433](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2433>) \n[CVE-2015-2432](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2432>) \n[CVE-2015-2471](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2471>) \n[CVE-2015-2472](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2472>) \n[CVE-2015-2473](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2473>) \n[CVE-2015-2474](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2474>) \n[CVE-2015-2475](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2475>) \n[CVE-2015-2476](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2476>) \n[CVE-2015-1769](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-1769>) \n[CVE-2015-2449](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2449>) \n[CVE-2015-2455](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2455>) \n[CVE-2015-2460](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2460>) \n[CVE-2015-2459](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2459>) \n[CVE-2015-2462](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2462>) \n[CVE-2015-2461](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2461>) \n[CVE-2015-2464](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2464>) \n[CVE-2015-2463](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2463>) \n[CVE-2015-2465](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2465>) \n[CVE-2015-2454](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2454>) \n[CVE-2015-2453](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2453>) \n[CVE-2015-2434](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2434>) \n[CVE-2015-2435](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2435>) \n[CVE-2015-2428](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2428>) \n[CVE-2015-2441](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2441>) \n[CVE-2015-2446](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2446>) \n[CVE-2015-2429](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2429>) \n[CVE-2015-2440](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2440>) \n[CVE-2015-2442](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2442>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft .NET Framework](<https://threats.kaspersky.com/en/product/Microsoft-.NET-Framework/>)\n\n### *CVE-IDS*:\n[CVE-2015-2423](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2423>) \n[CVE-2015-2431](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2431>) \n[CVE-2015-2430](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2430>) \n[CVE-2015-2456](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2456>) \n[CVE-2015-2458](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2458>) \n[CVE-2015-2433](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2433>) \n[CVE-2015-2432](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2432>) \n[CVE-2015-2471](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2471>) \n[CVE-2015-2472](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2472>) \n[CVE-2015-2473](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2473>) \n[CVE-2015-2474](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2474>) \n[CVE-2015-2475](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2475>) \n[CVE-2015-2476](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2476>) \n[CVE-2015-1769](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1769>) \n[CVE-2015-2449](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2449>) \n[CVE-2015-2455](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2455>) \n[CVE-2015-2460](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2460>) \n[CVE-2015-2459](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2459>) \n[CVE-2015-2462](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2462>) \n[CVE-2015-2461](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2461>) \n[CVE-2015-2464](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2464>) \n[CVE-2015-2463](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2463>) \n[CVE-2015-2465](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2465>) \n[CVE-2015-2454](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2454>) \n[CVE-2015-2453](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2453>) \n[CVE-2015-2434](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2434>) \n[CVE-2015-2435](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2435>) \n[CVE-2015-2428](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2428>) \n[CVE-2015-2441](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2441>) \n[CVE-2015-2446](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2446>) \n[CVE-2015-2429](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2429>) \n[CVE-2015-2440](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2440>) \n[CVE-2015-2442](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2442>)\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[3081436](<http://support.microsoft.com/kb/3081436>) \n[3080790](<http://support.microsoft.com/kb/3080790>) \n[3072305](<http://support.microsoft.com/kb/3072305>) \n[3071756](<http://support.microsoft.com/kb/3071756>) \n[3072307](<http://support.microsoft.com/kb/3072307>) \n[3072306](<http://support.microsoft.com/kb/3072306>) \n[3072303](<http://support.microsoft.com/kb/3072303>) \n[3072309](<http://support.microsoft.com/kb/3072309>) \n[3080129](<http://support.microsoft.com/kb/3080129>) \n[3082458](<http://support.microsoft.com/kb/3082458>) \n[3082459](<http://support.microsoft.com/kb/3082459>) \n[3079743](<http://support.microsoft.com/kb/3079743>) \n[3080348](<http://support.microsoft.com/kb/3080348>) \n[3073893](<http://support.microsoft.com/kb/3073893>) \n[3075591](<http://support.microsoft.com/kb/3075591>) \n[3075590](<http://support.microsoft.com/kb/3075590>) \n[3075593](<http://support.microsoft.com/kb/3075593>) \n[3075592](<http://support.microsoft.com/kb/3075592>) \n[3084525](<http://support.microsoft.com/kb/3084525>) \n[3076895](<http://support.microsoft.com/kb/3076895>) \n[3087119](<http://support.microsoft.com/kb/3087119>) \n[3055014](<http://support.microsoft.com/kb/3055014>) \n[2825645](<http://support.microsoft.com/kb/2825645>) \n[3075222](<http://support.microsoft.com/kb/3075222>) \n[3075221](<http://support.microsoft.com/kb/3075221>) \n[3075220](<http://support.microsoft.com/kb/3075220>) \n[3075226](<http://support.microsoft.com/kb/3075226>) \n[3072310](<http://support.microsoft.com/kb/3072310>) \n[3072311](<http://support.microsoft.com/kb/3072311>) \n[3076949](<http://support.microsoft.com/kb/3076949>) \n[3073921](<http://support.microsoft.com/kb/3073921>) \n[3054890](<http://support.microsoft.com/kb/3054890>) \n[3060716](<http://support.microsoft.com/kb/3060716>) \n[3078662](<http://support.microsoft.com/kb/3078662>) \n[3079757](<http://support.microsoft.com/kb/3079757>) \n[3078601](<http://support.microsoft.com/kb/3078601>) \n[3078071](<http://support.microsoft.com/kb/3078071>) \n[3046017](<http://support.microsoft.com/kb/3046017>) \n[3054846](<http://support.microsoft.com/kb/3054846>) \n[3080333](<http://support.microsoft.com/kb/3080333>) \n[3082487](<http://support.microsoft.com/kb/3082487>)", "modified": "2019-02-06T00:00:00", "published": "2015-08-11T00:00:00", "id": "KLA10646", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10646", "title": "\r KLA10646Multiple vulnerabilities in Microsoft Windows ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:01", "bulletinFamily": "software", "description": "OpenType fonts parsing code execution, multiple Internet Explorer and Edge vulnerabilities, code execution and information disclosure in system libraries, code execution via RDP and AMB, privilege escalation, information disclosure via WebDAV.", "modified": "2015-08-24T00:00:00", "published": "2015-08-24T00:00:00", "id": "SECURITYVULNS:VULN:14626", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14626", "title": "Microsoft Windows multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}