ID CVE-2014-1770
Summary Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function.
References
Vulnerable Configurations
  • Microsoft Internet Explorer 6
    cpe:2.3:a:microsoft:internet_explorer:6
  • Microsoft Internet Explorer 7
    cpe:2.3:a:microsoft:internet_explorer:7
  • Microsoft Internet Explorer 8
    cpe:2.3:a:microsoft:internet_explorer:8
  • Microsoft Internet Explorer 9
    cpe:2.3:a:microsoft:internet_explorer:9
  • Microsoft Internet Explorer 10
    cpe:2.3:a:microsoft:internet_explorer:10
  • Microsoft Internet Explorer 11
    cpe:2.3:a:microsoft:internet_explorer:11
CVSS
Base: 9.3 (as of 02-09-2016 - 17:59)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
exploit-db via4
description Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free and Memory Corruption PoC (MS14-035). CVE-2014-0282,CVE-2014-1762,CVE-2014-1764,CVE-2014-1766,...
id EDB-ID:34010
last seen 2016-02-03
modified 2014-07-08
published 2014-07-08
reporter Drozdova Liudmila
source https://www.exploit-db.com/download/34010/
title Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free and Memory Corruption PoC MS14-035
msbulletin via4
bulletin_id MS14-035
bulletin_url
date 2014-06-10T00:00:00
impact Remote Code Execution
knowledgebase_id 2969262
knowledgebase_url
severity Critical
title Cumulative Security Update for Internet Explorer
nessus via4
  • NASL family Windows
    NASL id SMB_IE_CVE_2014_1770.NASL
    description The remote host has a version of Microsoft Internet Explorer installed that is affected by a use-after-free remote code execution vulnerability related to the handling of CMarkup objects.
    last seen 2017-10-29
    modified 2014-06-12
    plugin id 74138
    published 2014-05-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74138
    title Microsoft Internet Explorer 8 CMarkup Use-After-Free Remote Code Execution
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS14-035.NASL
    description The remote host is missing Internet Explorer (IE) Security Update 2969262. The version of Internet Explorer installed on the remote host is affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An attacker could exploit these vulnerabilities by convincing a user to visit a specially crafted web page.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 74427
    published 2014-06-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74427
    title MS14-035: Cumulative Security Update for Internet Explorer (2969262)
refmap via4
bid 67544
cert-vn VU#239151
misc
ms MS14-035
sectrack 1030266
the hacker news via4
Last major update 06-09-2016 - 09:14
Published 22-05-2014 - 07:14
Last modified 12-10-2018 - 18:06
Back to Top