5

CVE-2015-6135

The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftJscript Version5.7
   MicrosoftInternet Explorer Version8
   MicrosoftInternet Explorer Version9
   MicrosoftInternet Explorer Version10
   MicrosoftInternet Explorer Version11 Update-
MicrosoftJscript Version5.8
   MicrosoftInternet Explorer Version8
   MicrosoftInternet Explorer Version9
   MicrosoftInternet Explorer Version10
   MicrosoftInternet Explorer Version11 Update-
MicrosoftVbscript Version5.7
   MicrosoftInternet Explorer Version8
   MicrosoftInternet Explorer Version9
   MicrosoftInternet Explorer Version10
   MicrosoftInternet Explorer Version11 Update-
MicrosoftVbscript Version5.8
   MicrosoftInternet Explorer Version8
   MicrosoftInternet Explorer Version9
   MicrosoftInternet Explorer Version10
   MicrosoftInternet Explorer Version11 Update-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 23.92% 0.975
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.securitytracker.com/id/1034315
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124
http://www.securitytracker.com/id/1034317
http://www.zerodayinitiative.com/advisories/ZDI-15-586
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-126