CVE-2015-0071
Published: 11 February 2015
Summary
CVE-2015-0071 is a medium-severity vulnerability of an unspecified weakness type in Microsoft Windows Server 2008. Its CVSS base score is 6.5 (Medium).
Operationally, it is ranked in the top 2.9% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SC-39 (Process Isolation).
Deeper analysis
Microsoft Internet Explorer versions 9 through 11 contain an ASLR bypass vulnerability that permits remote attackers to circumvent address space layout randomization protections when a user visits a specially crafted website. The flaw is tracked as CVE-2015-0071 and carries a CVSS 3.1 score of 6.5, reflecting network attack vector, low complexity, no required privileges, and user interaction.
An attacker can deliver the exploit through a malicious web page that the victim is induced to load in a vulnerable IE instance. Successful exploitation disables ASLR for the browser process, thereby simplifying follow-on memory corruption attacks that aim to achieve arbitrary code execution or other integrity impacts without altering confidentiality or availability directly.
Microsoft addressed the issue in security bulletin MS15-009, with additional details available from sources such as SecurityFocus bid 72455 and SecurityTracker ID 1031723. No information on observed in-the-wild exploitation is provided in the available references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2015-0109
Vulnerability details
Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."
- CWE(s)
- KEV Date Added: 25 May 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
Directly requires memory protection mechanisms such as ASLR that the CVE bypasses in IE.
Mandates separate execution domains for processes, which ASLR supports and the vulnerability undermines.
Requires timely remediation of the identified IE flaw (MS15-009) to eliminate the ASLR bypass.