ID CVE-2015-6141 Type cve Reporter NVD Modified 2017-09-12T21:29:02
Description
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6134.
{"title": "CVE-2015-6141", "reporter": "NVD", "published": "2015-12-09T06:59:24", "cpe": ["cpe:/a:microsoft:internet_explorer:9"], "cvelist": ["CVE-2015-6141"], "viewCount": 0, "objectVersion": "1.3", "type": "cve", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6141", "bulletinFamily": "NVD", "hashmap": [{"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "ba4196ecf749fb5d79c7c0b8d112da03", "key": "cpe"}, {"hash": "7df35b17c3e12a6c1f37f6eb5828d13a", "key": "cvelist"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "476fb0e967432047a698052c8dab183a", "key": "description"}, {"hash": "11d992d0045a6996d8757f2f28b04439", "key": "href"}, {"hash": "506319daca629ecae6fc7ea3612365c6", "key": "modified"}, {"hash": "a91d6cf0983e708dc7001a47693867e5", "key": "published"}, {"hash": "03a39b94110a73f6dc43180b132a01a0", "key": "references"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "dbca467175c2ee2600e109906fd6789e", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}], "history": [{"bulletin": {"reporter": "NVD", "published": "2015-12-09T06:59:24", "cvelist": ["CVE-2015-6141"], "title": "CVE-2015-6141", "objectVersion": "1.2", "description": "Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-6134.", "type": "cve", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6141", "bulletinFamily": "NVD", "id": "CVE-2015-6141", "history": [], "scanner": [], "enchantments": {}, "modified": "2016-12-07T13:18:49", "hash": "b00ce51c2c7f803f9d7926eb6b56e209789e0e299b61d6247933b5f535cd4cbe", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "viewCount": 0, "edition": 2, "cpe": ["cpe:/a:microsoft:internet_explorer:9"], "references": ["http://www.zerodayinitiative.com/advisories/ZDI-15-585", "http://technet.microsoft.com/security/bulletin/MS15-124"], "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "476fb0e967432047a698052c8dab183a", "key": "description"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "dbca467175c2ee2600e109906fd6789e", "key": "title"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "ba4196ecf749fb5d79c7c0b8d112da03", "key": "cpe"}, {"hash": "6b2eddc0151bdb87b9671e4ec3b45742", "key": "modified"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "7df35b17c3e12a6c1f37f6eb5828d13a", "key": "cvelist"}, {"hash": "d1350587dbe18ac2413f0ba1689e652d", "key": "references"}, {"hash": "11d992d0045a6996d8757f2f28b04439", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "a91d6cf0983e708dc7001a47693867e5", "key": "published"}], "lastseen": "2017-04-18T15:57:51", "assessment": {"name": "", "href": "", "system": ""}}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-04-18T15:57:51"}, {"bulletin": {"reporter": "NVD", "published": "2015-12-09T06:59:24", "cvelist": ["CVE-2015-6141"], "title": "CVE-2015-6141", "objectVersion": "1.2", "type": "cve", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6141", "bulletinFamily": "NVD", "id": "CVE-2015-6141", "history": [], "scanner": [], "cpe": ["cpe:/a:microsoft:internet_explorer:9"], "modified": "2015-12-09T10:50:22", "hash": "81fee69f14c68d114b2200400d6691aa75e44266445e4654feb8b4c14c0bc77c", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "viewCount": 0, "edition": 1, "assessment": {"name": "", "href": "", "system": ""}, "references": ["http://technet.microsoft.com/security/bulletin/MS15-124"], "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "476fb0e967432047a698052c8dab183a", "key": "description"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "dbca467175c2ee2600e109906fd6789e", "key": "title"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "ba4196ecf749fb5d79c7c0b8d112da03", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "7df35b17c3e12a6c1f37f6eb5828d13a", "key": "cvelist"}, {"hash": "11d992d0045a6996d8757f2f28b04439", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "7f88e3035ea95c3e05d5e7c51e4452d9", "key": "modified"}, {"hash": "58b0b2a89ea1429b3a32657b1554892c", "key": "references"}, {"hash": "a91d6cf0983e708dc7001a47693867e5", "key": "published"}], "lastseen": "2016-09-03T23:02:09", "description": "Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-6134."}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T23:02:09"}], "scanner": [], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "modified": "2017-09-12T21:29:02", "hash": "ad1b62a3c7750939766fa3722da92e9a34c9e6b3ee8339e9c539c0e86b18868b", "enchantments": {"vulnersScore": 9.3}, "edition": 3, "description": "Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-6134.", "references": ["http://www.zerodayinitiative.com/advisories/ZDI-15-585", "http://technet.microsoft.com/security/bulletin/MS15-124", "http://www.securitytracker.com/id/1034315"], "id": "CVE-2015-6141", "lastseen": "2017-09-13T10:56:36", "assessment": {"name": "", "href": "", "system": ""}}
{"result": {"symantec": [{"id": "SMNTC-78483", "type": "symantec", "title": "Microsoft Internet Explorer CVE-2015-6141 Remote Memory Corruption Vulnerability", "description": "### Description\n\nMicrosoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Internet Explorer 9 is vulnerable.\n\n### Technologies Affected\n\n * Microsoft Internet Explorer 9 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nMemory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "published": "2015-12-08T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/78483", "cvelist": ["CVE-2015-6141"], "lastseen": "2018-03-12T06:25:01"}], "zdi": [{"id": "ZDI-15-585", "type": "zdi", "title": "Microsoft Internet Explorer CStylesheet Rules Out-Of-Bounds Access Remote Code Execution Vulnerability", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the usage of CStylesheet objects. By manipulating a document's elements, an attacker can force an out-of-bounds memory access to occur. An attacker can leverage this vulnerability to execute code under the context of the current process.", "published": "2015-12-08T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.zerodayinitiative.com/advisories/ZDI-15-585", "cvelist": ["CVE-2015-6141"], "lastseen": "2016-11-09T00:18:11"}], "nessus": [{"id": "SMB_NT_MS15-124.NASL", "type": "nessus", "title": "MS15-124: Cumulative Security Update for Internet Explorer (3116180)", "description": "The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3116180. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.", "published": "2015-12-08T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=87253", "cvelist": ["CVE-2015-6139", "CVE-2015-6154", "CVE-2015-6144", "CVE-2015-6157", "CVE-2015-6150", "CVE-2015-6162", "CVE-2015-6146", "CVE-2015-6148", "CVE-2015-6147", "CVE-2015-6136", "CVE-2015-6155", "CVE-2015-6142", "CVE-2015-6138", "CVE-2015-6160", "CVE-2015-6161", "CVE-2015-6149", "CVE-2015-6164", "CVE-2015-6083", "CVE-2015-6135", "CVE-2015-6158", "CVE-2015-6143", "CVE-2015-6140", "CVE-2015-6151", "CVE-2015-6134", "CVE-2015-6159", "CVE-2015-6152", "CVE-2015-6141", "CVE-2015-6145", "CVE-2015-6153", "CVE-2015-6156"], "lastseen": "2018-07-01T14:25:21"}], "openvas": [{"id": "OPENVAS:1361412562310806646", "type": "openvas", "title": "Microsoft Internet Explorer Multiple Vulnerabilities (3116180)", "description": "This host is missing a critical security\n update according to Microsoft Bulletin MS15-124.", "published": "2015-12-09T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806646", "cvelist": ["CVE-2015-6139", "CVE-2015-6154", "CVE-2015-6144", "CVE-2015-6157", "CVE-2015-6150", "CVE-2015-6162", "CVE-2015-6146", "CVE-2015-6148", "CVE-2015-6147", "CVE-2015-6136", "CVE-2015-6155", "CVE-2015-6142", "CVE-2015-6138", "CVE-2015-6160", "CVE-2015-6161", "CVE-2015-6149", "CVE-2015-6164", "CVE-2015-6083", "CVE-2015-6135", "CVE-2015-6158", "CVE-2015-6143", "CVE-2015-6140", "CVE-2015-6151", "CVE-2015-6134", "CVE-2015-6159", "CVE-2015-6152", "CVE-2015-6141", "CVE-2015-6145", "CVE-2015-6153", "CVE-2015-6156"], "lastseen": "2017-07-02T21:12:27"}], "kaspersky": [{"id": "KLA10720", "type": "kaspersky", "title": "\r KLA10720Multiple vulnerabilities in Microsoft Internet Explorer & Edge ", "description": "### *CVSS*:\n9.3\n\n### *Detect date*:\n12/08/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft Internet Explorer & Edge. Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, inject or execute arbitrary code, gain privileges or obtain sensitive information.\n\n### *Affected products*:\nMicrosoft Internet Explorer versions 7 through 11 \nMicrosoft Edge\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[MS15-124](<https://technet.microsoft.com/en-us/library/security/MS15-124>) \n[MS15-125](<https://technet.microsoft.com/en-us/library/security/MS15-125>) \n\n\n### *Impacts*:\nSUI \n\n### *Related products*:\n[Microsoft Internet Explorer](<https://threats.kaspersky.com/en/product/Microsoft-Internet-Explorer/>)\n\n### *CVE-IDS*:\n[CVE-2015-6176](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6176>) \n[CVE-2015-6170](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6170>) \n[CVE-2015-6169](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6169>) \n[CVE-2015-6168](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6168>) \n[CVE-2015-6164](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6164>) \n[CVE-2015-6162](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6162>) \n[CVE-2015-6161](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6161>) \n[CVE-2015-6160](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6160>) \n[CVE-2015-6159](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6159>) \n[CVE-2015-6158](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6158>) \n[CVE-2015-6157](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6157>) \n[CVE-2015-6156](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6156>) \n[CVE-2015-6155](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6155>) \n[CVE-2015-6154](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6154>) \n[CVE-2015-6153](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6153>) \n[CVE-2015-6152](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6152>) \n[CVE-2015-6151](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6151>) \n[CVE-2015-6150](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6150>) \n[CVE-2015-6149](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6149>) \n[CVE-2015-6148](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6148>) \n[CVE-2015-6147](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6147>) \n[CVE-2015-6146](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6146>) \n[CVE-2015-6145](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6145>) \n[CVE-2015-6144](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6144>) \n[CVE-2015-6143](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6143>) \n[CVE-2015-6142](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6142>) \n[CVE-2015-6141](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6141>) \n[CVE-2015-6140](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6140>) \n[CVE-2015-6139](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6139>) \n[CVE-2015-6138](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6138>) \n[CVE-2015-6136](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6136>) \n[CVE-2015-6135](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6135>) \n[CVE-2015-6134](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6134>) \n[CVE-2015-6083](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6083>) \n\n\n### *Microsoft official advisories*:\n[MS15-124](<https://technet.microsoft.com/en-us/library/security/MS15-124>)\n\n### *KB list*:\n[3116869](<http://support.microsoft.com/kb/3116869>) \n[3105579](<http://support.microsoft.com/kb/3105579>) \n[3105578](<http://support.microsoft.com/kb/3105578>) \n[3116900](<http://support.microsoft.com/kb/3116900>) \n[3104002](<http://support.microsoft.com/kb/3104002>) \n[3116184](<http://support.microsoft.com/kb/3116184>) \n[3116180](<http://support.microsoft.com/kb/3116180>)", "published": "2015-12-08T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA10720", "cvelist": ["CVE-2015-6139", "CVE-2015-6154", "CVE-2015-6144", "CVE-2015-6157", "CVE-2015-6150", "CVE-2015-6162", "CVE-2015-6146", "CVE-2015-6168", "CVE-2015-6148", "CVE-2015-6147", "CVE-2015-6136", "CVE-2015-6155", "CVE-2015-6142", "CVE-2015-6138", "CVE-2015-6160", "CVE-2015-6161", "CVE-2015-6149", "CVE-2015-6164", "CVE-2015-6083", "CVE-2015-6135", "CVE-2015-6158", "CVE-2015-6143", "CVE-2015-6140", "CVE-2015-6151", "CVE-2015-6134", "CVE-2015-6169", "CVE-2015-6159", "CVE-2015-6152", "CVE-2015-6176", "CVE-2015-6170", "CVE-2015-6141", "CVE-2015-6145", "CVE-2015-6153", "CVE-2015-6156"], "lastseen": "2018-07-06T07:34:15"}]}}
