Lucene search

K

[email protected]NVD:CVE-2015-6055

HistoryOct 14, 2015 - 1:59 a.m.

CVE-2015-6055

2015-10-1401:59:25

CWE-119

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

High

0.436 Medium

EPSS

Percentile

97.4%

The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Filter arguments, aka “Scripting Engine Memory Corruption Vulnerability.”

Affected configurations

NVD

Node

microsoftjscriptMatch5.6

OR

microsoftjscriptMatch5.7

OR

microsoftjscriptMatch5.8

OR

microsoftvbscriptMatch5.6

OR

microsoftvbscriptMatch5.7

OR

microsoftvbscriptMatch5.8

AND

microsoftinternet_explorerMatch8

OR

microsoftinternet_explorerMatch9

OR

microsoftinternet_explorerMatch10

OR

microsoftinternet_explorerMatch11-

References

www.securityfocus.com/bid/77010

www.securitytracker.com/id/1033800

www.zerodayinitiative.com/advisories/ZDI-15-521

www.zerodayinitiative.com/advisories/ZDI-15-537

docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106

docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-108

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

High

0.436 Medium

EPSS

Percentile

97.4%

Related for NVD:CVE-2015-6055

zdi2 symantec1 cvelist1 cve1 checkpoint_advisories1 prion1 mskb2 nessus2 kaspersky2 openvas2 securityvulns1