[Cyber Security 2015] Critical Vulnerability in Microsoft Internet Explorer

Posted: August 19, 2015 in IT Security News
Tags: , , , , , ,


Internet Explorer vulnerabilitiesMicrosoft has corrected zero-day vulnerability in Internet Explorer

The flaw allows an attacker to gain complete control over the target device.

Microsoft has released an update that corrects zero-day vulnerability in Internet Explorer of versions 7-11 (this flaw does not appear to be present in new Microsoft Edge). The Critical Hole CVE-2015-2502 allows an attacker to remotely execute code on the target device.

According to Microsoft, the remote user can use a specially created a web-site to compromise a vulnerable system. The vulnerability is caused due to a memory corruption error when handling certain objects.

Microsoft Security Bulletin MS15-093

Microsoft Security Bulletin MS15-093

Exploitation of the vulnerability allows an attacker to gain the same rights as the device user. If the victim is logged on with administrative privileges, an attacker who successfully exploited this vulnerability has complete control of the affected device. A hacker could install programs, delete data and add new accounts.

Microsoft strongly recommends that you install the update that fixes a critical vulnerability.

Compromise system in Microsoft Internet Explorer: The CVE-2015-2502 memory corruption vulnerability

Risk: Critical
Availability correction: Yes
The number of vulnerabilities: 1

CVE ID: CVE-2015-2502

Vector of operation: Remote
Impact: System Compromise

  • Availability of exploit: The Functional Exploit is actively being exploited in the wild
  • Affected Products: Microsoft Internet Explorer 7.x, 8.x, 9.x, 10.x, 11.x
  • Vulnerable version: Internet Explorer 7, 8, 9, 10, 11

Description:

[CVE-2015-2502] The vulnerability allows a remote user to compromise a vulnerable system.

The vulnerability is caused due to a memory corruption error when handling certain objects. This can be exploited compromise a vulnerable system via a specially crafted web-site.

NOTE: The vulnerability is actively exploited at the moment.

Solution: Install the latest version from the manufacturer.


Microsoft LogoManufacturer URL: microsoft.com

Links:

Comments
  1. Rabid Bunny says:

    Solution: Install the latest version from the manufacturer.

    What does that mean? Latest version of what? From what manufacturer? Microsoft? Asus?

  2. Adam K. says:

    According to a report from IT security firm Symantec the patched flaw was being used in attacks targeting visitors to the website of the Evangelical Lutheran Church of Hong Kong.

  3. cscartsoft says:

    Thank you for the post about the vulnerability in Internet Explorer, you helped me a lot.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s