vendor:
Internet Explorer
by:
Blue Frost Security GmbH
7.5
CVSS
HIGH
Use-After-Free
416
CWE
Product Name: Internet Explorer
Affected Version From: IE 8
Affected Version To: IE 11
Patch Exists: YES
Related CWE: CVE-2015-2444
CPE: a:microsoft:internet_explorer
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 8.1 (x64)
2015
CTreeNode::GetCascadedLang Use-After-Free Vulnerability
Microsoft Internet Explorer 11 is prone to a use-after-free vulnerability in the MSHTML!CTreeNode::GetCascadedLang function. If an attacker succeeds in bypassing the Memory Protector and Isolated Heap protection mechanisms this vulnerability allows the execution of arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Mitigation:
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.