Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka Internet Explorer Elevation of Privilege Vulnerability, a different vulnerability than CVE-2015-1748.
Weakness
The product checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Internet_explorer | Microsoft | 7 (including) | 7 (including) |
| Internet_explorer | Microsoft | 8 (including) | 8 (including) |
| Internet_explorer | Microsoft | 9 (including) | 9 (including) |
| Internet_explorer | Microsoft | 10 (including) | 10 (including) |
| Internet_explorer | Microsoft | 11 (including) | 11 (including) |
Potential Mitigations
Related Attack Patterns
References
- http://www.securityfocus.com/bid/74996
- http://www.securitytracker.com/id/1032521
- http://www.zerodayinitiative.com/advisories/ZDI-15-377
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056
- http://www.securityfocus.com/bid/74996
- http://www.securitytracker.com/id/1032521
- http://www.zerodayinitiative.com/advisories/ZDI-15-377
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-056