Lucene search

[email protected]CVE-2015-6089

HistoryNov 11, 2015 - 12:59 p.m.

CVE-2015-6089

2015-11-1112:59:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2015-6089

microsoft

vbscript

jscript

internet explorer

remote code execution

denial of service

memory corruption

7.8 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.462 Medium

EPSS

Percentile

97.4%

JSON

The Microsoft (1) VBScript and (2) JScript engines, as used in Internet Explorer 8 through 11, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability.”

CPENameOperatorVersion
microsoft:jscriptmicrosoft jscripteq-
microsoft:vbscriptmicrosoft vbscripteq-

CPE	Name	Operator	Version
microsoft:jscript	microsoft jscript	eq	-
microsoft:vbscript	microsoft vbscript	eq	-

References

www.securitytracker.com/id/1034112

docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-112

7.8 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.462 Medium

EPSS

Percentile

97.4%

JSON

Related for CVE-2015-6089

checkpoint_advisories1 symantec1 prion1 kaspersky1 mskb1 nessus1 openvas1