CVE-2015-2542: Microsoft Internet Explorer 10/11 and Microsoft Edge memory corruption vulnerability that could allow remote code execution or memory corruption Denial of Service via a crafted web site.


Description Preview

CVE-2015-2542 describes a memory corruption vulnerability in Microsoft Internet Explorer 10 and 11 and Microsoft Edge. When a user visits a crafted or malicious website, an attacker could potentially execute arbitrary code on the affected machine or trigger a denial of service. The issue was publicly disclosed in 2015 and Microsoft released security updates MS15-094 and MS15-095 to address it.

Overview

This vulnerability is a memory corruption issue in IE 10/11 and Edge that can be exploited by visiting a specially crafted web page. Successful exploitation could allow a remote attacker to execute arbitrary code on the user’s system or cause a crash leading to a denial of service. The vulnerability affects the rendering/processing paths used by these browsers and was publicly disclosed in 2015.

Remediation

Apply the Microsoft security updates MS15-094 and MS15-095 to vulnerable Windows systems, and ensure systems are kept up to date via Windows Update. Organizations should deploy these patches and verify installation to mitigate the risk, and consider general browser hardening and standard patch management practices.

References

  • 76571 (BID): http://www.securityfocus.com/bid/76571
  • MS15-094: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-094
  • MS15-095: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-095
  • 1033487 (SECTRACK): http://www.securitytracker.com/id/1033487

Industry Exposure (most to least)
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing: Medium
  2. Health Care & Social Assistance: Medium
  3. Transportation & Warehousing: Low
  4. Arts, Entertainment & Recreation: Low
  5. Management of Companies & Enterprises: Low
  6. Accommodation & Food Services: Low
  7. Educational Services: Low
  8. Finance and Insurance: Low
  9. Other Services (except Public Administration): Low
  10. Public Administration: Low
  11. Utilities: Low
  12. Administrative, Support, Waste Management & Remediation Services: Low
  13. Agriculture, Forestry Fishing & Hunting: Low
  14. Construction: Low
  15. Information: Low
  16. Mining: Low
  17. Professional, Scientific, & Technical Services: Low
  18. Real Estate Rental & Leasing: Low
  19. Retail Trade: Low
  20. Wholesale Trade: Low
