PT-2015-3014 · Microsoft · Internet Explorer+1

Published: 2015-12-08
Updated: 2025-09-22
CVE-2015-6161

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Microsoft Internet Explorer versions 7 through 11
Microsoft Edge

Description

A security feature bypass exists when Microsoft Edge and Internet Explorer fail to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. This bypass can be exploited via a crafted web site. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this ASLR bypass in conjunction with another vulnerability, such as a remote code execution vulnerability, to more reliably run arbitrary code on a target system.

Recommendations

For Microsoft Internet Explorer versions 7 through 11, consider disabling the browser until a patch is available. For Microsoft Edge, consider restricting access to potentially vulnerable web sites until a patch is available. As a temporary workaround, consider implementing additional security measures to minimize the risk of exploitation, such as enhancing memory protection mechanisms. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2016-00218
CVE-2015-6161

Affected Products

Edge
Internet Explorer