Microsoft has corrected zero-day vulnerability in Internet Explorer

The flaw allows an attacker to gain complete control over the target device.

Microsoft has released an update that corrects zero-day vulnerability in Internet Explorer of versions 7-11 (this flaw does not appear to be present in new Microsoft Edge). The Critical Hole CVE-2015-2502 allows an attacker to remotely execute code on the target device.

According to Microsoft, the remote user can use a specially created a web-site to compromise a vulnerable system. The vulnerability is caused due to a memory corruption error when handling certain objects.

Microsoft Security Bulletin MS15-093

Exploitation of the vulnerability allows an attacker to gain the same rights as the device user. If the victim is logged on with administrative privileges, an attacker who successfully exploited this vulnerability has complete control of the affected device. A hacker could install programs, delete data and add new accounts.

Microsoft strongly recommends that you install the update that fixes a critical vulnerability.

Compromise system in Microsoft Internet Explorer: The CVE-2015-2502 memory corruption vulnerability

Risk: Critical

Availability correction: Yes

The number of vulnerabilities: 1

CVE ID: CVE-2015-2502

Vector of operation: Remote

Impact: System Compromise

Availability of exploit: The Functional Exploit is actively being exploited in the wild

Affected Products: Microsoft Internet Explorer 7.x, 8.x, 9.x, 10.x, 11.x

Vulnerable version: Internet Explorer 7, 8, 9, 10, 11

Description:

[CVE-2015-2502] The vulnerability allows a remote user to compromise a vulnerable system.

The vulnerability is caused due to a memory corruption error when handling certain objects. This can be exploited compromise a vulnerable system via a specially crafted web-site.

NOTE: The vulnerability is actively exploited at the moment.

Solution: Install the latest version from the manufacturer.

Manufacturer URL: microsoft.com

Links: