CVE-2015-6042

Published: Oct 14, 2015Modified: May 6, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Use-after-free vulnerability in the CWindow object implementation in Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

Affected (1)

Products: Microsoft: Internet Explorer

1 product

Internet Explorer

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 11

Related CWEs

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (6)

http://www.securitytracker.com/id/1033800

Source: secure@microsoft.com

Third Party AdvisoryVDB Entry

http://www.zerodayinitiative.com/advisories/ZDI-15-520

Source: secure@microsoft.com

Third Party AdvisoryVDB Entry

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106

Source: secure@microsoft.com

PatchVendor Advisory

http://www.securitytracker.com/id/1033800

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.zerodayinitiative.com/advisories/ZDI-15-520

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-106

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.