Lucene search
Ashutosh Mehra (https://twitter.com/ashutoshmehra)ZDI-15-459HistoryOct 07, 2015 - 12:00 a.m.
Microsoft Internet Explorer CIERegistryHelper::SetSingleValue Sandbox Escape Vulnerability
2015-10-0700:00:00
Ashutosh Mehra (https://twitter.com/ashutoshmehra)
www.zerodayinitiative.com
16
0.006 Low
EPSS
Percentile
78.1%
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CIERegistryHelper::SetSingleValue API. When this API is used with a whitelisted registry entry, an attacker can modify privileged registry values via a registry link. An attacker can leverage this vulnerability to execute code under the context of the user at medium integrity.
Related
cvelist
cvelist
CVE-2015-2429
2015-08-15 00:00:00
nvd
nvd
CVE-2015-2429
2015-08-15 00:59:05
cve
cve
CVE-2015-2429
2015-08-15 00:59:05
zdi
zdi
symantec
symantec
prion
prion
Privilege escalation
2015-08-15 00:59:00
nessus
nessus
openvas
openvas
Microsoft Windows Privilege Elevation Vulnerabilities (3060716)
2015-08-12 00:00:00
googleprojectzero
googleprojectzero
Windows 10^H^H Symbolic Link Mitigations
2015-08-25 00:00:00
kaspersky
kaspersky
KLA10646 Multiple vulnerabilities in Microsoft Windows
2015-08-11 00:00:00
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2015-08-24 00:00:00