CVE-2015-6168 : Détail

CVE-2015-6168

Overflow
11.62%V3
Network
2015-12-09
10h00 +00:00
2018-10-12
17h57 +00:00
CVE.org
NVD
Notifications pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Gestion des notifications

Descriptions du CVE

Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6153.

Informations du CVE

Faiblesses connexes

CWE-ID Nom de la faiblesse Source
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Métriques

Métriques Score Gravité CVSS Vecteur Source
V2 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C nvd@nist.gov

EPSS

EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.

Score EPSS

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Percentile EPSS

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.
EPSS First.org

Informations sur l'Exploit

Exploit Database EDB-ID : 40878

Date de publication : 2016-12-05 23h00 +00:00
Auteur : Skylined
EDB Vérifié : Yes

Source: http://blog.skylined.nl/20161201001.html Synopsis A specially crafted web-page can trigger a memory corruption vulnerability in Microsoft Edge. I did not investigate this vulnerability thoroughly, so I cannot speculate on the potential impact or exploitability. Known affected software and attack vectors Microsoft Edge 11.0.10240.16384 An attacker would need to get a target user to open a specially crafted web-page. Disabling Java­Script does not prevent an attacker from triggering the vulnerable code path. Repro: /<style>:first-letter{word-spacing:9 Variation: x<style>:first-letter{background-position:inherit Description At the time this issue was first discovered, Mem­GC was just introduced, and I had not yet fully appreciated what an impact it would have on mitigating use-after-free bugs. Despite Mem­GC being enabled in Microsoft Edge by default, this issue appeared to me to have been a use-after-free vulnerability. However, both Microsoft and ZDI (whom I sold the vulnerability to) describes it as a memory corruption vulnerability, so it's probably more complex than I assumed. At the time, I did not consider this vulnerability to be of great interest, as there was no immediately obvious way of controlling the vulnerability in order to exploit it. So, I did not do any further investigation into the root cause and, if this was indeed a use-after-free, how come Mem­GC did not mitigate it? In hindsight, it would have been a good idea to investigate the root cause, as any use-after-free that is not mitigated by Mem­GC might provide hints on how to find more vulnerabilities that bypass it. Time-line August 2015: This vulnerability was found through fuzzing. August 2015: This vulnerability was submitted to ZDI. December 2015: Microsoft addresses this vulnerability in MS15-125. December 2016: Details of this vulnerability are released.

Products Mentioned

Configuraton 0

Microsoft>>Edge >> Version -

Références

https://www.exploit-db.com/exploits/40878/
Tags : exploit, x_refsource_EXPLOIT-DB
http://www.securitytracker.com/id/1034316
Tags : vdb-entry, x_refsource_SECTRACK
http://seclists.org/fulldisclosure/2016/Dec/4
Tags : mailing-list, x_refsource_FULLDISC