Published: 11/06/2014 Updated: 12/10/2018

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 940

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Microsoft Internet Explorer 11 allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-2753, CVE-2014-2755, CVE-2014-2760, CVE-2014-2761, CVE-2014-2772, and CVE-2014-2776.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft internet explorer 11

<!-- Source: blogskylinednl/20161220001html Synopsis A specially crafted web-page can trigger a use-after-free vulnerability in Microsoft Internet Explorer 11 There is sufficient time between the free and reuse for an attacker to control the contents of the freed memory and exploit the vulnerability Known affected software, attack ...

<!-- Exploit Title: MS14-035 Internet Explorer CFormElement Use-after-free and memory corruption POC (no crash! see trace) Product: Internet Explorer Vulnerable version: 9,10 Date: 8072014 Exploit Author: Drozdova Liudmila, ITDefensor Vulnerability Research Team (itdefensorru/) Vendor Homepage: wwwmicrosoftcom/ Tested on: Wind ...

CWE-119 http://www.securityfocus.com/bid/67878 http://www.securitytracker.com/id/1030370 https://www.exploit-db.com/exploits/40946/http://packetstormsecurity.com/files/140233/Microsoft-Internet-Explorer-11-MSHTML-CSpliceTreeEngine-RemoveSplice-Use-After-Free.html http://blog.skylined.nl/20161220001.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035 https://nvd.nist.gov https://www.exploit-db.com/exploits/40946/

CVE-2014-1785

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect