CVE-2015-6086

Microsoft Internet Explorer <11 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2015-6086. PoCs published by Ashfaq Ansari, payatu, OpenSISE.

AI-analyzed exploit summary: This PoC exploits an out-of-bounds read vulnerability in Internet Explorer's CDOMStringDataList::InitFromString to leak the base address of MSHTML.DLL, bypassing ASLR. It uses heap spraying and memory manipulation techniques to achieve the leak.

Description

Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."

Exploits (3)

exploitdb WORKING POC VERIFIED
by Ashfaq Ansari · html · remote · windows
https://www.exploit-db.com/exploits/39698

This PoC exploits an out-of-bounds read vulnerability in Internet Explorer's CDOMStringDataList::InitFromString to leak the base address of MSHTML.DLL, bypassing ASLR. It uses heap spraying and memory manipulation techniques to achieve the leak.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Complex
Reliability
Racy
Target: Internet Explorer 9, 10, 11 on Windows 7 SP1 x86
No auth needed
Prerequisites: Internet Explorer 9, 10, or 11 on Windows 7 SP1 x86 · JavaScript execution in the browser
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 67 stars
by payatu · poc
https://github.com/payatu/CVE-2015-6086

This repository contains a proof-of-concept exploit for CVE-2015-6086, an out-of-bounds read vulnerability in Internet Explorer's CDOMStringDataList::InitFromString function. The flaw allows leaking the base address of MSHTML.DLL, bypassing ASLR.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Internet Explorer 9, 10, 11
No auth needed
Prerequisites: Target must be using a vulnerable version of Internet Explorer (9, 10, or 11)
devstral-2 · analyzed Feb 16, 2026

github WRITEUP 31 stars
by OpenSISE · c · poc
https://github.com/OpenSISE/CVE_PoC_Collect/tree/master/Read_Write_Any_Address/internet explorer/CVE-2015-6086

The repository provides a detailed technical analysis of CVE-2015-6086, an out-of-bounds read vulnerability in Internet Explorer's `CDOMStringDataList::InitFromString` function. It includes a code snippet demonstrating the flawed logic and explains how it can be exploited to bypass ASLR by leaking the base address of MSHTML.DLL.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Internet Explorer 9, 10, 11
No auth needed
Prerequisites: Internet Explorer 9, 10, or 11 on Windows 7 SP1 x86
devstral-2 · analyzed Feb 27, 2026

References (5)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39698/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034112
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-15-547
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/77461

Scores

EPSS 0.5785
EPSS Percentile 98.2%

Details

CWE
CWE-200
Status published
Products (3)
microsoft/internet_explorer 9
microsoft/internet_explorer 10
microsoft/internet_explorer 11
Published Nov 11, 2015
Tracked Since Feb 18, 2026