CVE-2015-2482

Name of the Vulnerable Software and Affected Versions Internet Explorer versions 8 through 11 VBScript versions 5.7 and 5.8 JScript versions 5.7 and 5.8

Description A remote code execution issue exists due to a memory corruption flaw in the VBScript and JScript engines. This allows attackers to execute arbitrary code or cause a denial of service via a crafted replace operation with a JavaScript regular expression. An attacker who successfully exploits this issue could gain the same user rights as the current user, potentially taking control of an affected system if the user has administrative rights.

Recommendations For Internet Explorer versions 8 through 11, update to a version that includes the fix for this issue. For VBScript versions 5.7 and 5.8, consider disabling the scripting engine until a patch is available. For JScript versions 5.7 and 5.8, restrict the use of JavaScript regular expressions in replace operations to minimize the risk of exploitation.