ID CVE-2014-0307
Summary Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a certain sequence of manipulations of a TextRange element, aka "Internet Explorer Memory Corruption Vulnerability."
References
Vulnerable Configurations
  • Microsoft Internet Explorer 9
    cpe:2.3:a:microsoft:internet_explorer:9
CVSS
Base: 9.3 (as of 09-09-2016 - 14:58)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
exploit-db via4
description MS14-012 Internet Explorer TextRange Use-After-Free. CVE-2014-0307. Remote exploit for windows platform
file exploits/windows/remote/32438.rb
id EDB-ID:32438
last seen 2016-02-03
modified 2014-03-22
platform windows
port
published 2014-03-22
reporter metasploit
source https://www.exploit-db.com/download/32438/
title Microsoft Internet Explorer - TextRange Use-After-Free MS14-012
type remote
metasploit via4
description This module exploits a use-after-free vulnerability found in Internet Explorer. The flaw was most likely introduced in 2013, therefore only certain builds of MSHTML are affected. In our testing with IE9, these vulnerable builds appear to be between 9.0.8112.16496 and 9.0.8112.16533, which implies the vulnerability shipped between August 2013, when it was introduced, until the fix issued in early March 2014.
id MSF:EXPLOIT/WINDOWS/BROWSER/MS14_012_TEXTRANGE
last seen 2019-03-24
modified 2017-07-24
published 2014-03-18
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms14_012_textrange.rb
title MS14-012 Microsoft Internet Explorer TextRange Use-After-Free
msbulletin via4
bulletin_id MS14-012
bulletin_url
date 2014-03-11T00:00:00
impact Remote Code Execution
knowledgebase_id 2925418
knowledgebase_url
severity Critical
title Cumulative Security Update for Internet Explorer
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS14-012.NASL
description The remote host is missing Internet Explorer (IE) Security Update 2925418. The installed version of IE is affected by multiple privilege escalation and memory corruption vulnerabilities that could allow an attacker to execute arbitrary code on the remote host. Additionally, the installed version of IE is affected by an information disclosure vulnerability.
last seen 2019-02-21
modified 2018-11-15
plugin id 72930
published 2014-03-11
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=72930
title MS14-012: Cumulative Security Update for Internet Explorer (2925418)
packetstorm via4
data source https://packetstormsecurity.com/files/download/125813/ms14_012_textrange.rb.txt
id PACKETSTORM:125813
last seen 2016-12-05
published 2014-03-20
reporter Jason Kratzer
source https://packetstormsecurity.com/files/125813/MS14-012-Internet-Explorer-TextRange-Use-After-Free.html
title MS14-012 Internet Explorer TextRange Use-After-Free
refmap via4
exploit-db 32438
ms MS14-012
Last major update 09-09-2016 - 14:58
Published 12-03-2014 - 01:15
Last modified 12-10-2018 - 18:05
Back to Top