PT-2015-1817 · Microsoft · Internet Explorer

Published: 2015-08-11 · Updated: 2018-10-12 · CVE-2015-2445

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Internet Explorer version 10

Description: The issue is related to the lack of protection for service data in Internet Explorer, allowing a remote attacker to bypass the Address Space Layout Randomization (ASLR) protection mechanism using a specially crafted website. This security feature bypass vulnerability exists because Internet Explorer fails to utilize the ASLR security feature, enabling an attacker to more reliably predict memory offsets of specific instructions in a given call stack. While this bypass by itself does not allow arbitrary code execution, it could be used in conjunction with another vulnerability, such as a remote code execution vulnerability, to more reliably run arbitrary code on a target system.

Recommendations: For Internet Explorer version 10, consider disabling access to potentially vulnerable web sites or modules until a patch is available. Restrict the use of Internet Explorer for sensitive operations to minimize the risk of exploitation.

Fix

RCE

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2015-11163
CVE-2015-2445

Affected Products

Internet Explorer