MS15-124: Vulnerability in Internet Explorer could lead to ASLR bypass: December 16, 2015
Content provided by Microsoft
Applies to: Internet Explorer 11Internet Explorer 10Windows Internet Explorer 9Windows Internet Explorer 8Windows Internet Explorer 7More
A security feature bypass for Internet Explorer exists as a result of how exceptions are handled when dispatching certain window messages, allowing an attacker to probe the layout of the address space and thereby bypassing Address Space Layout Randomization (ASLR). By itself, the ASLR bypass does not allow arbitrary code execution. However, an attacker could use this ASLR bypass in conjunction with another vulnerability, such as a remote code execution vulnerability, to run arbitrary code on a target system. Successful exploitation of the ASLR bypass requires a user to be logged on and running an affected version of Internet Explorer. The user would then need to browse to a malicious site.