CVE-2015-1730

Microsoft Internet Explorer 9 - Remote Code Execution or Denial of Service via Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-1730. PoCs published by Skylined.

AI-analyzed exploit summary This exploit leverages a stack-based use-after-free vulnerability in Microsoft Internet Explorer 9 by manipulating the stack during recursive function calls to achieve remote code execution. It uses heap spraying and controlled stack exhaustion to overwrite a vulnerable pointer, redirecting execution flow to attacker-controlled shellcode.

Description

Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Skylined · htmlremotewindows

https://www.exploit-db.com/exploits/40881

View Code ZIP pw:eip

This exploit leverages a stack-based use-after-free vulnerability in Microsoft Internet Explorer 9 by manipulating the stack during recursive function calls to achieve remote code execution. It uses heap spraying and controlled stack exhaustion to overwrite a vulnerable pointer, redirecting execution flow to attacker-controlled shellcode.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Racy

Target: Microsoft Internet Explorer 9

No auth needed

Prerequisites: Target must visit a malicious webpage · JavaScript must be enabled in the target's browser

MITRE ATT&CK