CVE-2015-2490

2015-09-0900:59:08

CWE-119

[email protected]

web.nvd.nist.gov

cve-2015-2490

microsoft internet explorer

memory corruption

crafted web site

remote code execution

7.5 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.436 Medium

EPSS

Percentile

97.4%

JSON

Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2492, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499.

Affected configurations

NVD

Node

microsoftinternet_explorerMatch7

microsoftinternet_explorerMatch8

microsoftinternet_explorerMatch9

microsoftinternet_explorerMatch10

microsoftinternet_explorerMatch11-

CPENameOperatorVersion
microsoft:internet_explorermicrosoft internet explorereq7
microsoft:internet_explorermicrosoft internet explorereq8
microsoft:internet_explorermicrosoft internet explorereq9
microsoft:internet_explorermicrosoft internet explorereq10
microsoft:internet_explorermicrosoft internet explorereq11

CPE	Name	Operator	Version
microsoft:internet_explorer	microsoft internet explorer	eq	7
microsoft:internet_explorer	microsoft internet explorer	eq	8
microsoft:internet_explorer	microsoft internet explorer	eq	9
microsoft:internet_explorer	microsoft internet explorer	eq	10
microsoft:internet_explorer	microsoft internet explorer	eq	11