Microsoft Internet Explorer And Microsoft Edge Object Use-After-Free Remote Code Execution Vulnerability

XLAB ID: XLAB-15-025     

CVE ID: CVE-2015-1752     

Patch Status: Fixed

Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer and Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. An attacker can leverage this vulnerability to execute code under the context of the current process.

Disclosure Timeline:

2015/03/05 provide vulnerability detail to Microsoft Security Response Center via
2015/04/01 Microsoft Security Response Center automatic reply
2015/06/09 Microsoft Security Response Center assigned CVE-ID CVE-2015-1752

This vulnerability was discovered by:   exp-sky