Hillstone Networks

RULE（RULE ID：317350）

Rule General Information


Release Date:		2017-04-26

Rule Name:		Microsoft Internet Explorer Shadow Filter Direction Integer Overflow Vulnerability -1 (CVE-2015-0036)

Severity:

CVE ID:

Rule Protection Details


Description:		Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability".

Impact:		An attacker can exploit the affected software with an integer overflow vulnerability. Successful exploit leads to execute arbitrary code, and failed exploit may disturb the software logic and cause denial of service.

Affected OS:		Windows

Reference:		MicrosoftSecurityBulletin:MS15-009 SecurityFocusBID:72446 SecurityTrackerID:1031723

Solutions

Microsoft has released a patch MS15-009 to eliminate the vulnerability. The patch can be downloaded at http://technet.microsoft.com/security/bulletin/MS15-009