CVE-2015-6045 : Use-after-free vulnerability in the CElement object implementation in Microsoft

Use-after-free vulnerability in the CElement object implementation in Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript that improperly interacts with use of the Cascading Style Sheets (CSS) empty-cells property for a TABLE element, aka "Internet Explorer Memory Corruption Vulnerability."

Published 2015-11-13 03:59:02

Updated 2025-04-12 10:46:41

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute codeDenial of service

Products affected by CVE-2015-6045

Microsoft » Internet Explorer » Version: 11
cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-6045

EPSS FAQ

26.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 96 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-6045

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2015-6045

http://www.zerodayinitiative.com/advisories/ZDI-15-523/

ZDI-15-523 | Zero Day Initiative
http://www.zerodayinitiative.com/advisories/ZDI-15-523

ZDI-15-523 | Zero Day Initiative
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106

Microsoft Security Bulletin MS15-106 - Critical | Microsoft Docs

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2015-6045

Products affected by CVE-2015-6045

Exploit prediction scoring system (EPSS) score for CVE-2015-6045

CVSS scores for CVE-2015-6045

References for CVE-2015-6045