Vulnerability Name:

CVE-2015-6053 (CCN-106761)

Assigned:2015-10-13
Published:2015-10-13
Updated:2018-10-12
Summary:Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via crafted parameters in an ArrayBuffer.slice call, aka "Internet Explorer Information Disclosure Vulnerability."
CVSS v3 Severity:4.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-200
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2015-6053

Source: CCN
Type: Microsoft Security Bulletin MS15-106
Cumulative Security Update for Internet Explorer (3096441)

Source: CCN
Type: Microsoft Security Bulletin MS15-111
Security Update for Windows Kernel to Address Elevation of Privilege (3096447)

Source: CCN
Type: Microsoft Security Bulletin MS15-112
Cumulative Security Update for Internet Explorer (3104517)

Source: CCN
Type: Microsoft Security Bulletin MS15-115
Security Update for Microsoft Windows to Address Remote Code Execution (3105864)

Source: CCN
Type: Microsoft Security Bulletin MS15-124
Cumulative Security Update for Internet Explorer (3116180)

Source: CCN
Type: Microsoft Security Bulletin MS15-128
Security Update for Microsoft Graphics Component to Address Remote Code Execution (3104503)

Source: CCN
Type: Microsoft Security Bulletin MS15-132
Security Update for Microsoft Windows to Address Remote Code Execution (3116162)

Source: CCN
Type: Microsoft Security Bulletin MS15-135
Security Update for Windows Kernel Mode Drivers to Address Elevation of Privilege (3119075)

Source: CCN
Type: Microsoft Security Bulletin MS16-001
Cumulative Security Update for Internet Explorer (3124903)

Source: CCN
Type: Microsoft Security Bulletin MS16-008
Security Update for Kernel to Address Elevation of Privilege (3124605)

Source: CCN
Type: Microsoft Security Bulletin MS16-009
Cumulative Security Update for Internet Explorer (3134220)

Source: CCN
Type: Microsoft Security Bulletin MS16-014
Security update for Microsoft Windows to Address Remote Code Execution (3134228)

Source: CCN
Type: Microsoft Security Bulletin MS16-023
Cumulative Security Update for Internet Explorer (3142015)

Source: CCN
Type: Microsoft Security Bulletin MS16-031
Security Update for Microsoft Windows to Address Elevation of Privilege (3140410)

Source: CCN
Type: Microsoft Security Bulletin MS16-035
Security Update for .NET Framework to Address Security Feature Bypass (3141780)

Source: CCN
Type: Microsoft Security Bulletin MS16-037
Cumulative Security Update for Internet Explorer (3148531)

Source: CCN
Type: Microsoft Security Bulletin MS16-044
Security Update for Windows OLE (3146706)

Source: CCN
Type: Microsoft Security Bulletin MS16-048
Security Update for CSRSS (3148528)

Source: CCN
Type: Microsoft Security Bulletin MS16-051
Cumulative Security Update for Internet Explorer (3155533)

Source: CCN
Type: Microsoft Security Bulletin MS16-060
Security Update for Windows Kernel (3154846)

Source: CCN
Type: Microsoft Security Bulletin MS16-061
Security Update for Microsoft RPC (3155520)

Source: CCN
Type: Microsoft Security Bulletin MS16-063
Cumulative Security Update for Internet Explorer (3163649)

Source: CCN
Type: Microsoft Security Bulletin MS16-084
Cumulative Security Update for Internet Explorer (3169991)

Source: CCN
Type: Microsoft Security Bulletin MS16-092
Security Update for Windows Kernel (3171910)

Source: CCN
Type: Microsoft Security Bulletin MS16-095
Cumulative Security Update for Internet Explorer (3177356)

Source: CCN
Type: Microsoft Security Bulletin MS16-104
Cumulative Security Update for Internet Explorer (3183038)

Source: CCN
Type: Microsoft Security Bulletin MS16-111
Security Update for Windows Kernel (3186973)

Source: CCN
Type: Microsoft Security Bulletin MS16-118
Cumulative Security Update for Internet Explorer (3192887)

Source: CCN
Type: Microsoft Security Bulletin MS16-120
Security Update for Microsoft Graphics Component (3192884)

Source: CCN
Type: Microsoft Security Bulletin MS16-122
Security Update for Microsoft Video Control (3195360)

Source: CCN
Type: Microsoft Security Bulletin MS16-123
Security Update for Kernel-Mode Drivers (3192892)

Source: CCN
Type: Microsoft Security Bulletin MS16-124
Security Update for Windows Registry (3193227)

Source: CCN
Type: Microsoft Security Bulletin MS16-126
Security Update for Microsoft Internet Messaging API (3196067)

Source: CCN
Type: Microsoft Security Bulletin MS16-131
Security Update for Microsoft Video Control (3199151)

Source: CCN
Type: Microsoft Security Bulletin MS16-139
Security Update for Windows Kernel (3199720)

Source: CCN
Type: Microsoft Security Bulletin MS16-142
Cumulative Security Update for Internet Explorer (3198467)

Source: CCN
Type: Microsoft Security Bulletin MS16-144
Cumulative Security Update for Internet Explorer (3204059)

Source: CCN
Type: Microsoft Security Bulletin MS16-155
Security Update for .NET Framework (3205640)

Source: CCN
Type: Microsoft Security Bulletin MS17-006
Cumulative Security Update for Internet Explorer (4013073)

Source: CCN
Type: Microsoft Security Bulletin MS17-013
Security Update for Microsoft Graphics Component (4013075)

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1033800

Source: MISC
Type: Third Party Advisory
http://www.zerodayinitiative.com/advisories/ZDI-15-518

Source: MS
Type: UNKNOWN
MS15-106

Source: XF
Type: UNKNOWN
ms-ie-cve20156053-info-disc(106761)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:internet_explorer:11:-:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:microsoft:ie:11:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    microsoft internet explorer 11 -
    microsoft ie 11