Test ID:	1.3.6.1.4.1.25623.1.0.805143
Category:	Windows : Microsoft Bulletins
Title:	Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (3032359)
Summary:	This host is missing a critical security; update according to Microsoft Bulletin MS15-018.
Description:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS15-018. Vulnerability Insight: Multiple flaws are due to improper handling of cross-domain policies, improper validation of permissions under specific conditions and not properly handling objects in memory by VBScript engine, when rendered in Internet Explorer. Vulnerability Impact: Successful exploitation will allow remote attackers to access information from one domain and inject it into another domain, execute arbitrary script with elevated privileges, corrupt memory and compromise a user's system. Affected Software/OS: Microsoft Internet Explorer version 6.x/7.x/8.x/9.x/10.x/11.x and VBScript 5.8 on IE 8.x/9.x/10.x/11.x. Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-0032 BugTraq ID: 72910 http://www.securityfocus.com/bid/72910 Microsoft Security Bulletin: MS15-018 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-018 Microsoft Security Bulletin: MS15-019 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-019 http://www.securitytracker.com/id/1031887 http://www.securitytracker.com/id/1031888 Common Vulnerability Exposure (CVE) ID: CVE-2015-0056 BugTraq ID: 72924 http://www.securityfocus.com/bid/72924 Common Vulnerability Exposure (CVE) ID: CVE-2015-0072 BugTraq ID: 72489 http://www.securityfocus.com/bid/72489 Bugtraq: 20150209 Cookie hijacking: Internet Explorer UXSS (CVE-2015-0072) (Google Search) http://www.securityfocus.com/archive/1/534662/100/0/threaded http://seclists.org/fulldisclosure/2015/Feb/0 http://community.websense.com/blogs/securitylabs/archive/2015/02/05/another-day-another-zero-day-internet-explorer-s-turn-cve-2015-0072.aspx http://innerht.ml/blog/ie-uxss.html http://packetstormsecurity.com/files/130308/Microsoft-Internet-Explorer-Universal-XSS-Proof-Of-Concept.html http://www.pcworld.com/article/2879372/dangerous-ie-vulnerability-opens-door-to-powerful-phishing-attacks.html https://nakedsecurity.sophos.com/2015/02/04/internet-explorer-has-a-cross-site-scripting-zero-day-bug/ http://secunia.com/advisories/62658 XForce ISS Database: ms-ie-cve20150072-xss(100606) https://exchange.xforce.ibmcloud.com/vulnerabilities/100606 Common Vulnerability Exposure (CVE) ID: CVE-2015-0099 BugTraq ID: 72925 http://www.securityfocus.com/bid/72925 Common Vulnerability Exposure (CVE) ID: CVE-2015-0100 BugTraq ID: 72926 http://www.securityfocus.com/bid/72926 Common Vulnerability Exposure (CVE) ID: CVE-2015-1622 BugTraq ID: 72927 http://www.securityfocus.com/bid/72927 Common Vulnerability Exposure (CVE) ID: CVE-2015-1623 BugTraq ID: 72928 http://www.securityfocus.com/bid/72928 Common Vulnerability Exposure (CVE) ID: CVE-2015-1624 BugTraq ID: 72929 http://www.securityfocus.com/bid/72929 Common Vulnerability Exposure (CVE) ID: CVE-2015-1625 BugTraq ID: 72923 http://www.securityfocus.com/bid/72923 Common Vulnerability Exposure (CVE) ID: CVE-2015-1626 BugTraq ID: 72930 http://www.securityfocus.com/bid/72930 Common Vulnerability Exposure (CVE) ID: CVE-2015-1627 BugTraq ID: 72932 http://www.securityfocus.com/bid/72932 Common Vulnerability Exposure (CVE) ID: CVE-2015-1634 BugTraq ID: 72931 http://www.securityfocus.com/bid/72931
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.