CVE-2015-0071

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 9 through 11

Description The issue is related to a security feature bypass vulnerability that allows an attacker to bypass the Address Space Layout Randomization (ASLR) protection mechanism. This can be achieved via a crafted web site. The vulnerability enables an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. While the ASLR bypass by itself does not allow arbitrary code execution, it could be used in conjunction with another vulnerability, such as a remote code execution vulnerability, to run arbitrary code.

Recommendations For Microsoft Internet Explorer versions 9 through 11, consider disabling access to crafted web sites that could exploit this vulnerability until a patch is available. As a temporary workaround, restrict the use of Internet Explorer for accessing potentially malicious web sites to minimize the risk of exploitation. Avoid using Internet Explorer for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.