VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 9, 2015· Updated May 6, 2026

CVE-2015-2486

CVE-2015-2486

Description

Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Memory corruption in IE 7-11 and Edge allows remote code execution via crafted website.

Vulnerability

CVE-2015-2486 is a memory corruption vulnerability affecting Microsoft Internet Explorer 7 through 11 and Microsoft Edge. The vulnerability exists in how these browsers handle objects in memory when processing a specially crafted website [1][2]. Affected versions include Internet Explorer 7, 8, 9, 10, and 11 on supported Windows clients and servers, and Microsoft Edge on Windows 10 [1][2].

Exploitation

An attacker can exploit this vulnerability by hosting a crafted website designed to trigger memory corruption in the target browser. No authentication or special privileges are required; the attacker only needs to convince a user to visit the malicious site, typically via email or link [1]. The user interaction is limited to viewing the page.

Impact

Successful exploitation could allow the attacker to execute arbitrary code in the context of the current user. If the user has administrative rights, the attacker could gain full control of the system, including installing programs, viewing/changing data, and creating accounts [1]. The vulnerability is also rated Moderate on Windows servers due to reduced impact.

Mitigation

Microsoft released security updates in MS15-094 for Internet Explorer and MS15-095 for Microsoft Edge on September 8, 2015 [1][2]. Users should apply the cumulative updates (KB3089548 for IE, KB3081455 for Windows 10 containing Edge fixes) to protect against this vulnerability [1][2]. No workarounds are documented.

References
  1. Microsoft Security Bulletin MS15-094 - Critical
  2. Microsoft Security Bulletin MS15-095 - Critical

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

8
  • Microsoft/Edge
    cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*
  • Microsoft/Internet Explorer6 versions
    cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*
    • (no CPE)range: 7-11
  • Microsoft/Microsoft Edgellm-create

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.