CVE-2015-0050

Microsoft Internet Explorer 8 and 9 - Remote Code Execution or Denial of Service via Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-0050. PoCs published by Skylined.

AI-analyzed exploit summary This exploit demonstrates a memory read out-of-bounds vulnerability in Microsoft Internet Explorer 8 by manipulating the DOM with specific CSS and JavaScript. The issue is triggered by complex DOM manipulations but is noted as difficult to exploit due to limited side effects.

Description

Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-8967 and CVE-2015-0044.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Skylined · htmldoswindows

https://www.exploit-db.com/exploits/40841

View Code ZIP pw:eip

This exploit demonstrates a memory read out-of-bounds vulnerability in Microsoft Internet Explorer 8 by manipulating the DOM with specific CSS and JavaScript. The issue is triggered by complex DOM manipulations but is noted as difficult to exploit due to limited side effects.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Complex

Reliability

Theoretical

Target: Microsoft Internet Explorer 8

No auth needed

Prerequisites: Target must visit a specially crafted web page · JavaScript must be enabled

MITRE ATT&CK