CVE-2015-6136 - Vulnerability Details - OpenCVE

The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Internet Explorer Jscript Vbscript

Configuration 1 [-]

AND

OR	cpe:2.3:a:microsoft:jscript:5.7:::::::*
	cpe:2.3:a:microsoft:jscript:5.8:::::::*
	cpe:2.3:a:microsoft:vbscript:5.7:::::::*
	cpe:2.3:a:microsoft:vbscript:5.8:::::::*

OR	cpe:2.3:a:microsoft:internet_explorer:8:::::::*
	cpe:2.3:a:microsoft:internet_explorer:9:::::::*
	cpe:2.3:a:microsoft:internet_explorer:10:::::::*
	cpe:2.3:a:microsoft:internet_explorer:11:-::::::

No data.

References

Link	Providers
http://www.securitytracker.com/id/1034315
http://www.securitytracker.com/id/1034317
http://www.zerodayinitiative.com/advisories/ZDI-15-591
http://www.zerodayinitiative.com/advisories/ZDI-15-592
http://www.zerodayinitiative.com/advisories/ZDI-15-593
http://www.zerodayinitiative.com/advisories/ZDI-15-594
http://www.zerodayinitiative.com/advisories/ZDI-15-595
http://www.zerodayinitiative.com/advisories/ZDI-15-597
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-126

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2015-12-09T11:00:00

Updated: 2024-08-06T07:15:13.293Z

Reserved: 2015-08-14T00:00:00

Link: CVE-2015-6136

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2015-12-09T11:59:20.683

Modified: 2025-04-12T10:46:40.837

Link: CVE-2015-6136

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-12-08T00:00:00", "descriptions": [{"lang": "en", "value": "The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-595"}, {"name": "MS15-126", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-126"}, {"name": "1034315", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1034315"}, {"name": "MS15-124", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-594"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-592"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-593"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-597"}, {"name": "1034317", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1034317"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-591"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2015-6136", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-595", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-595"}, {"name": "MS15-126", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-126"}, {"name": "1034315", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034315"}, {"name": "MS15-124", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-594", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-594"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-592", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-592"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-593", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-593"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-597", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-597"}, {"name": "1034317", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034317"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-591", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-591"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T07:15:13.293Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-595"}, {"name": "MS15-126", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-126"}, {"name": "1034315", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1034315"}, {"name": "MS15-124", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-594"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-592"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-593"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-597"}, {"name": "1034317", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1034317"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-591"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2015-6136", "datePublished": "2015-12-09T11:00:00", "dateReserved": "2015-08-14T00:00:00", "dateUpdated": "2024-08-06T07:15:13.293Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:jscript:5.7:*:*:*:*:*:*:*", "matchCriteriaId": "B643637F-3903-4374-85D0-1CAA75E98BE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:jscript:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "67691569-4F51-4021-A318-83A0F9AE64AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:vbscript:5.7:*:*:*:*:*:*:*", "matchCriteriaId": "0061E11D-9293-401A-BA38-85AD0C4A04E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:vbscript:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "1C94EA55-F0DE-4A45-A020-9F7FE2A3745B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*", "matchCriteriaId": "A52E757F-9B41-43B4-9D67-3FEDACA71283", "vulnerable": false}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "matchCriteriaId": "C043EDDD-41BF-4718-BDCF-158BBBDB6360", "vulnerable": false}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "matchCriteriaId": "D5808661-A082-4CBE-808C-B253972487B4", "vulnerable": false}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*", "matchCriteriaId": "D7809F78-8D56-4925-A8F9-4119B973A667", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability.\""}, {"lang": "es", "value": "Los motores de Microsoft (1) VBScript 5.7 y 5.8 y (2) JScript 5.7 y 5.8, como se utilizan en Internet Explorer 8 hasta la versi\u00f3n 11 y otros productos, permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un sitio web manipulado, tambi\u00e9n conocida como 'Scripting Engine Memory Corruption Vulnerability'."}], "id": "CVE-2015-6136", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2015-12-09T11:59:20.683", "references": [{"source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id/1034315"}, {"source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id/1034317"}, {"source": "secure@microsoft.com", "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-591"}, {"source": "secure@microsoft.com", "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-592"}, {"source": "secure@microsoft.com", "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-593"}, {"source": "secure@microsoft.com", "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-594"}, {"source": "secure@microsoft.com", "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-595"}, {"source": "secure@microsoft.com", "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-597"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-126"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034315"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034317"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-591"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-592"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-593"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-594"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-595"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-597"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-126"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}