Vulnerability Details : CVE-2015-2412
Microsoft Internet Explorer 10 and 11 allows remote attackers to read arbitrary local files via a crafted pathname, aka "Internet Explorer Information Disclosure Vulnerability."
Vulnerability category: Input validationInformation leak
Products affected by CVE-2015-2412
- cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-2412
11.31%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-2412
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2015-2412
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-2412
-
http://www.securityfocus.com/bid/75687
Microsoft Internet Explorer CVE-2015-2412 Information Disclosure Vulnerability
-
http://www.securitytracker.com/id/1032894
Microsoft Internet Explorer Multiple Bugs Let Remote Users Bypass ASLR, Obtain Potentially Sensitive Information, Gain Elevated Privileges, and Execute Arbitrary Code - SecurityTracker
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-065
Microsoft Security Bulletin MS15-065 - Critical | Microsoft Docs
Jump to