CVE-2015-6152

Internet Explorer 10 - Remote Code Execution via Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-6152. PoCs published by Moritz Jodeit.

AI-analyzed exploit summary This is a proof-of-concept exploit for CVE-2015-6152, a use-after-free vulnerability in Microsoft Internet Explorer 11. The HTML file triggers the vulnerability by manipulating DOM elements and executing specific JavaScript, leading to arbitrary code execution.

Description

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6162.

Exploits (1)

exploitdb WORKING POC
by Moritz Jodeit · htmldoswindows
https://www.exploit-db.com/exploits/38972

This is a proof-of-concept exploit for CVE-2015-6152, a use-after-free vulnerability in Microsoft Internet Explorer 11. The HTML file triggers the vulnerability by manipulating DOM elements and executing specific JavaScript, leading to arbitrary code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Internet Explorer 11
No auth needed
Prerequisites: Target must visit a malicious page or open a malicious file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/38972/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034315
Patch, Vendor Advisory vendor-advisory x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-124

Scores

EPSS 0.3830
EPSS Percentile 98.4%

Details

CWE
CWE-119
Status published
Products (1)
microsoft/internet_explorer 10
Published Dec 09, 2015
Tracked Since Feb 18, 2026