Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-1763

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2014-1763
Last Modified 24 Jul 2014 12:58:42
Published 27 Apr 2014 06:55:03
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-1763

Summary

Use-after-free vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.

Vulnerable Systems

Application

  • Microsoft Internet Explorer 11


References

MISC - http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/

MISC - http://twitter.com/thezdi/statuses/443855973673754624

SECTRACK - 1030532

MS - MS14-037

SECUNIA - 59775

BUGTRAQ - 20140716 VUPEN Security Research - Microsoft Internet Explorer CSS @import Memory Corruption (Pwn2Own 2014)

Related Patches

MS14-037 Cumulative Security Update for Internet Explorer 8 for WEPOS and POSReady 2009 (KB2962872)

MS14-037 Cumulative Security Update for Internet Explorer 7 for WEPOS and POSReady 2009 (KB2962872)


Last Updated: 27 May 2016 11:05:48