CVE-2014-1770 - Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to

CVE-2014-1770

Summary

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function.

References

Vulnerable Configurations

cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 12-10-2018 - 22:06)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

msbulletin via4

bulletin_id	MS14-035
bulletin_url
date	2014-06-10T00:00:00
impact	Remote Code Execution
knowledgebase_id	2969262
knowledgebase_url
severity	Critical
title	Cumulative Security Update for Internet Explorer

refmap via4

bid	67544
cert-vn	VU#239151
misc	http://zerodayinitiative.com/advisories/ZDI-14-140/ https://www.corelan.be/index.php/2014/05/22/on-cve-2014-1770-zdi-14-140-internet-explorer-8-0day/
sectrack	1030266

Last major update

12-10-2018 - 22:06

Published

22-05-2014 - 11:14

Last modified

12-10-2018 - 22:06