XLAB ID: XLAB-15-010     

CVE ID: CVE-2015-2494     

Patch Status: Fixed

Vulnerability Details:
The vulnerability relates to how Internet Explorer processes the DOM objects. By manipulating a document’s elements an attacker can force an out-of-bounds memory access ocurring. An attacker can leverage this vulnerability to execute code under the context of the current process.

Disclosure Timeline:

2015/07/03 Provide vulnerability detail to Micorsoft via secure@micorsoft.com
2015/07/04 Microsoft responded that they had opend case 30590 for the issue
2015/07/21 Micorsoft responded that they had successfully reproduced the issue, and had been working on a fix
2015/08/18 Microsoft asked how would you like to be acknowledged
2015/09/09 The issue was fiexed with MS15-094

This vulnerability was discovered by:   Kai Kang