Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2014-1770

Published: 22/05/2014 Updated: 12/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Microsoft

Vulnerability Summary

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote malicious users to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function.

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft internet explorer 10

microsoft internet explorer 11

microsoft internet explorer 8

microsoft internet explorer 9

microsoft internet explorer 6

microsoft internet explorer 7

Exploits

Exploit DB: Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free / Memory Corruption (PoC) (MS14-035)
<!-- Exploit Title: MS14-035 Internet Explorer CFormElement Use-after-free and memory corruption POC (no crash! see trace) Product: Internet Explorer Vulnerable version: 9,10 Date: 8072014 Exploit Author: Drozdova Liudmila, ITDefensor Vulnerability Research Team (itdefensorru/) Vendor Homepage: wwwmicrosoftcom/ Tested on: Wind ...

Recent Articles

Microsoft Updates June 2014 – Almost 60 IE and GDI+/TrueType RCE
Securelist • Kurt Baumgartner • 10 Jun 2014

Microsoft fixes a smaller set of software product code this month for “Critical” vulnerabilities, and a handful for “Important” fixes with MS014-030 through MS014-036. But whoa, almost 60 remote code execution flaws exist in the six versions of Internet Explorer and the Microsoft components that render fonts on your system! Not only is that a very long list of memory corruption issues, but one of the IE bug reports, credited to Peter Van Eeckhoutte, is over 180 days old. The fix and te...

Read more...

References

CWE-399http://zerodayinitiative.com/advisories/ZDI-14-140/https://www.corelan.be/index.php/2014/05/22/on-cve-2014-1770-zdi-14-140-internet-explorer-8-0day/http://www.kb.cert.org/vuls/id/239151http://www.securityfocus.com/bid/67544http://www.securitytracker.com/id/1030266https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035https://nvd.nist.govhttps://www.exploit-db.com/exploits/34010/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook