Tuesday, 10 February 2015

Microsoft Internet Explorer CShadow Direction Integer Overflow Remote Code Execution CVE-2015-0036 (MS15-009)

In this months bulletin Microsoft has fixed multiple vulnerabilities in Internet Explorer including one which was mine. It was an integer overflow in the CShadow filter which could lead to remote code execution. It affected Internet Explorer 10 and 11. You can find the original ZDI advisory here and the Microsoft Bulletin here.

There is some confusion when it comes to CVE assignment, as Microsoft acknowledged me for CVE-2015-0035 (also credited to Sky) while ZDI marked my bug CVE-2015-0036 which is credited to an anonymous researcher on the bulletin page. I will update this post if something changes regarding to that.


  1. I am truly pleased to read this website posts which carries lots of helpful data, thanks for providing these kinds of statistics. Curso de wordpress

  2. Affiliate marketing is a valuable online marketing programme. As a starting point, any above average Internet marketing service affiliate programme does not ask for any fees for membership or any services not provided. click here

  3. It is truly baffling to see how such a varied and diverse realm can have such a significant place in the world. http://merchantside.com/