CVE-2014-1770

Severity

93%

Complexity

86%

Confidentiality

165%

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function.

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

Type

Microsoft Internet Explorer

First reported 10 years ago

2014-05-22 11:14:00

Last updated 6 years ago

2018-10-12 22:06:00

Affected Software

Microsoft Internet Explorer 6

6

Microsoft Internet Explorer 7

7

Microsoft Internet Explorer 8

8

Microsoft Internet Explorer 9

9

Microsoft Internet Explorer 10

10

References

VU#239151

Third Party Advisory, US Government Resource

67544

VDB Entry

1030266

VDB Entry

http://zerodayinitiative.com/advisories/ZDI-14-140/

Mitigation, VDB Entry

MS14-035

https://www.corelan.be/index.php/2014/05/22/on-cve-2014-1770-zdi-14-140-internet-explorer-8-0day/

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.