CVE-2015-6059 - Vulnerability Details - OpenCVE

The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Internet Explorer Jscript Vbscript

Configuration 1 [-]

AND

OR	cpe:2.3:a:microsoft:jscript:5.6:::::::*
	cpe:2.3:a:microsoft:jscript:5.7:::::::*
	cpe:2.3:a:microsoft:jscript:5.8:::::::*
	cpe:2.3:a:microsoft:vbscript:5.6:::::::*
	cpe:2.3:a:microsoft:vbscript:5.7:::::::*
	cpe:2.3:a:microsoft:vbscript:5.8:::::::*

OR	cpe:2.3:a:microsoft:internet_explorer:8:::::::*
	cpe:2.3:a:microsoft:internet_explorer:9:::::::*
	cpe:2.3:a:microsoft:internet_explorer:10:::::::*
	cpe:2.3:a:microsoft:internet_explorer:11:-::::::

No data.

References

Link	Providers
http://www.securitytracker.com/id/1033800
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-108

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2015-10-14T01:00:00

Updated: 2024-08-06T07:06:35.239Z

Reserved: 2015-08-14T00:00:00

Link: CVE-2015-6059

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2015-10-14T01:59:29.403

Modified: 2025-04-12T10:46:40.837

Link: CVE-2015-6059

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-10-13T00:00:00", "descriptions": [{"lang": "en", "value": "The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Scripting Engine Information Disclosure Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "MS15-108", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-108"}, {"name": "1033800", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1033800"}, {"name": "MS15-106", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2015-6059", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Scripting Engine Information Disclosure Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "MS15-108", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-108"}, {"name": "1033800", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033800"}, {"name": "MS15-106", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T07:06:35.239Z"}, "title": "CVE Program Container", "references": [{"name": "MS15-108", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-108"}, {"name": "1033800", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1033800"}, {"name": "MS15-106", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2015-6059", "datePublished": "2015-10-14T01:00:00", "dateReserved": "2015-08-14T00:00:00", "dateUpdated": "2024-08-06T07:06:35.239Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:jscript:5.6:*:*:*:*:*:*:*", "matchCriteriaId": "D4121EDF-9253-49E7-B41E-F6530A25E0DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:jscript:5.7:*:*:*:*:*:*:*", "matchCriteriaId": "B643637F-3903-4374-85D0-1CAA75E98BE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:jscript:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "67691569-4F51-4021-A318-83A0F9AE64AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:vbscript:5.6:*:*:*:*:*:*:*", "matchCriteriaId": "6D5EF0A1-84C5-472B-9FFA-1D6052CD656B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:vbscript:5.7:*:*:*:*:*:*:*", "matchCriteriaId": "0061E11D-9293-401A-BA38-85AD0C4A04E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:vbscript:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "1C94EA55-F0DE-4A45-A020-9F7FE2A3745B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*", "matchCriteriaId": "A52E757F-9B41-43B4-9D67-3FEDACA71283", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "matchCriteriaId": "C043EDDD-41BF-4718-BDCF-158BBBDB6360", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "matchCriteriaId": "D5808661-A082-4CBE-808C-B253972487B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*", "matchCriteriaId": "D7809F78-8D56-4925-A8F9-4119B973A667", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Scripting Engine Information Disclosure Vulnerability.\""}, {"lang": "es", "value": "Los motores Microsoft (1) VBScript 5.7 y 5.8 y (2) JScript 5.7 y 5.8, tal como se utiliza en Internet Explorer 8 hasta la versi\u00f3n 11 y otros productos, permiten a atacantes remotos obtener informaci\u00f3n sensible de los procesos de la memoria a trav\u00e9s de un sitio web manipulado, tambi\u00e9n conocido como 'Scripting Engine Information Disclosure Vulnerability'."}], "id": "CVE-2015-6059", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2015-10-14T01:59:29.403", "references": [{"source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id/1033800"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-108"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1033800"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-108"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}