Internet Explorer Memory Corruption Vulnerability

Successful exploitation can allow a remote attacker to execute arbitrary code in the security context of the current user. If the user is running with administrative privileges, the attacker may be able to fully compromise the affected system. The vulnerability can also cause denial of service through memory corruption. Client systems are generally at higher risk, while server systems have somewhat reduced exposure due to Internet Explorer Enhanced Security Configuration.

No specific mitigating factors or workarounds for the memory corruption vulnerabilities were identified in the provided content. Practical exposure reduction includes limiting use of vulnerable Internet Explorer versions, operating users without administrative privileges, and relying on Internet Explorer Enhanced Security Configuration on Windows Server systems where applicable. Because exploitation requires the victim to load attacker-controlled web content, reducing browsing to untrusted sites and malicious advertisements can lower risk, but these are not vendor-stated fixes.

Apply Microsoft Security Update 3034682, released February 10, 2015, which addresses this vulnerability by changing how Internet Explorer handles objects in memory. For Internet Explorer 9, 10, and 11, Microsoft additionally required installation of both update 3021952 and update 3034196 for full protection, but CVE-2015-0045 itself is described as affecting Internet Explorer 6 through 8. Standard remediation is to deploy the relevant cumulative Internet Explorer security updates for the affected platform.