Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-1764

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2014-1764
Last Modified 24 Jul 2014 12:58:42
Published 27 Apr 2014 06:55:03
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-1764

Summary

Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "object confusion" in a broker process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.

Vulnerable Systems

Application

  • Microsoft Internet Explorer 11


References

MISC - http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/

MISC - http://twitter.com/thezdi/statuses/443855973673754624

MS - MS14-035

BID - 67295

SECTRACK - 1030370

BUGTRAQ - 20140716 VUPEN Security Research - Microsoft Internet Explorer "Request" Object Confusion Sandbox Bypass (Pwn2Own 2014)


Last Updated: 27 May 2016 11:05:54