⚠️ CISA Known Exploited Vulnerability
Active ThreatThis vulnerability is listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. Active exploitation has been observed in the wild. This poses significant risk to federal enterprises and should be prioritized for immediate patching.
CVE-2015-2502
High CISA KEVVulnerability Description
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," as exploited in the wild in August 2015.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Known Affected Software
5 configuration(s) from 1 vendor(s)
cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
References & Resources
-
http://twitter.com/Laughing_Mantis/statuses/633839231840841728secure@microsoft.com Exploit
-
http://twitter.com/Laughing_Mantis/statuses/633839771865886721secure@microsoft.com Press/Media Coverage
-
http://www.securityfocus.com/bid/76403secure@microsoft.com Broken Link Third Party Advisory VDB Entry
-
http://www.securitytracker.com/id/1033317secure@microsoft.com Broken Link Third Party Advisory VDB Entry
-
http://www.securityweek.com/microsoft-issues-emergency-patch-critical-ie-flaw-exploited-wildsecure@microsoft.com Press/Media Coverage
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-093secure@microsoft.com Patch Vendor Advisory
-
http://twitter.com/Laughing_Mantis/statuses/633839231840841728af854a3a-2127-422b-91ae-364da2661108 Exploit
-
http://twitter.com/Laughing_Mantis/statuses/633839771865886721af854a3a-2127-422b-91ae-364da2661108 Press/Media Coverage
-
http://www.securityfocus.com/bid/76403af854a3a-2127-422b-91ae-364da2661108 Broken Link Third Party Advisory VDB Entry
-
http://www.securitytracker.com/id/1033317af854a3a-2127-422b-91ae-364da2661108 Broken Link Third Party Advisory VDB Entry
-
http://www.securityweek.com/microsoft-issues-emergency-patch-critical-ie-flaw-exploited-wildaf854a3a-2127-422b-91ae-364da2661108 Press/Media Coverage
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-093af854a3a-2127-422b-91ae-364da2661108 Patch Vendor Advisory
-
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-2502134c704f-9b21-4f2e-91b3-4a467353bcc0
Severity Details
CISA KEV Status
Listed in CISA's Known Exploited Vulnerabilities catalog
Key Information
- Published Date
- August 19, 2015
