CVE-2014-1765 - Multiple use-after-free vulnerabilities in Microsoft Internet Explorer 6 through 11 allow remote att

CVE-2014-1765

Summary

Multiple use-after-free vulnerabilities in Microsoft Internet Explorer 6 through 11 allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014.

References

Vulnerable Configurations

cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*

CVSS

Base:	7.6 (as of 12-10-2018 - 22:05)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:H/Au:N/C:C/I:C/A:C

msbulletin via4

bulletin_id	MS14-037
bulletin_url
date	2014-07-08T00:00:00
impact	Remote Code Execution
knowledgebase_id	2975687
knowledgebase_url
severity	Critical
title	Cumulative Security Update for Internet Explorer

refmap via4

misc	http://twitter.com/thezdi/statuses/444216845734666240 http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/
sectrack	1030532
secunia	59775

Last major update

12-10-2018 - 22:05

Published

27-04-2014 - 10:55

Last modified

12-10-2018 - 22:05