CVE ID | CVE-2015-1743 |
CVSS SCORE | 6.9, AV:L/AC:M/Au:N/C:C/I:C/A:C |
AFFECTED VENDORS |
Microsoft |
AFFECTED PRODUCTS |
Internet Explorer |
VULNERABILITY DETAILS |
The specific flaw exists within the use of the ActiveX install broker. The broker allows files to be installed to arbitrary paths from within the Internet Explorer sandbox and subsequently executed. An attacker can leverage this vulnerability to execute code under the context of the user at medium integrity. |
ADDITIONAL DETAILS |
Microsoft has issued an update to correct this vulnerability. More details can be found at:
https://technet.microsoft.com/library/security/MS15-056 |
DISCLOSURE TIMELINE |
|
CREDIT | Yuki Chen of Qihoo 360 |