CVE-2015-2449

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 7 through 11 Microsoft Edge

Description The issue is related to the bypass of the Address Space Layout Randomization (ASLR) protection mechanism. This allows an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. By itself, this bypass does not allow arbitrary code execution but could be used in conjunction with another vulnerability, such as a remote code execution vulnerability, to more reliably run arbitrary code on a target system. An attacker could exploit this via a crafted web site.

Recommendations For Microsoft Internet Explorer versions 7 through 11, consider updating to a version that includes the ASLR security feature. For Microsoft Edge, ensure that the Address Space Layout Randomization (ASLR) security feature is enabled to protect against this bypass. As a temporary workaround, consider restricting access to potentially vulnerable web sites until a patch is available.