CVE-2014-0325 - Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arb

CVE-2014-0325

Summary

Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site that triggers improper processing of CElement objects, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1751 and CVE-2014-1755. NOTE: MS14-018 originally had a typo of CVE-2014-0235 for this. <a href="http://cwe.mitre.org/data/definitions/416.html" target="_blank">CWE-416: Use After Free</a>

References

Vulnerable Configurations

cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 12-10-2018 - 22:05)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

msbulletin via4

bulletin_id	MS14-018
bulletin_url
date	2014-04-08T00:00:00
impact	Remote Code Execution
knowledgebase_id	2950467
knowledgebase_url
severity	Critical
title	Cumulative Security Update for Internet Explorer

refmap via4

bid	66646
misc	http://zerodayinitiative.com/advisories/ZDI-14-078/

Last major update

12-10-2018 - 22:05

Published

03-07-2014 - 14:55

Last modified

12-10-2018 - 22:05