PT-2015-2691 · Microsoft · Internet Explorer+1
Published: 2015-11-10 · Updated: 2018-10-12 · CVE-2015-6088
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Microsoft Internet Explorer versions 9 through 11
Microsoft Edge (affected versions not specified)
Description
The issue is related to the absence of protection for service data, allowing a remote attacker to bypass the Address Space Layout Randomization (ASLR) protection mechanism via a crafted web site. This security feature bypass exists when the browsers fail to use the ASLR security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. The bypass by itself does not allow arbitrary code execution, but an attacker could use it in conjunction with another vulnerability to more reliably run arbitrary code on a target system.
Recommendations
For Microsoft Internet Explorer versions 9 through 11, consider disabling the browser until a patch is available.
For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Information Disclosure
Affected Products
Edge
Internet Explorer