Microsoft Internet Explorer 8 through 11 allows remote malicious users to execute arbitrary web script with increased privileges via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-1778.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft internet explorer 9 |
||
microsoft internet explorer 8 |
||
microsoft internet explorer 10 |
||
microsoft internet explorer 11 |
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Security outlet VUPEN has revealed it held onto a critical Internet Explorer vulnerability for three years before disclosing it at the March Pwn2Own hacker competition. The company wrote in a disclosure last week it discovered the vulnerability (CVE-2014-2777) on 12 February 2011 which was patched by Microsoft on 17 June (MS14-035). The flaw affected Internet Explorer browsers eight through eleven and allowed remote attackers to bypass the protected mode sandbox. "The vulnerability is caused due...