Executive Summary

Informations
NameCVE-2014-2757First vendor Publication2014-06-11
VendorCveLast vendor Modification2018-10-12

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0282, CVE-2014-1775, CVE-2014-1779, CVE-2014-1799, and CVE-2014-1803.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2757

CWE : Common Weakness Enumeration

%idName
100 %CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:24921
 
Oval ID: oval:org.mitre.oval:def:24921
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-2757) - MS14-035
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0282, CVE-2014-1775, CVE-2014-1779, CVE-2014-1799, and CVE-2014-1803.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2757
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application6

ExploitDB Exploits

idDescription
2014-11-10Internet Explorer 8 MS14-035 Use-After-Free Exploit
2014-07-08Internet Explorer 9/10 - CFormElement Use-After-Free and Memory Corruption Po...
2014-06-24Internet Explorer 8, 9 & 10 - CInput Use-After-Free Crash PoC (MS14-035)

Information Assurance Vulnerability Management (IAVM)

DateDescription
2014-06-12IAVM : 2014-A-0079 - Cumulative Security Update for Microsoft Internet Explorer
Severity : Category I - VMSKEY : V0052493

Snort® IPS/IDS

DateDescription
2019-06-18Microsoft Internet Explorer CTextElement use after free attempt
RuleID : 50124 - Revision : 1 - Type : BROWSER-IE
2019-06-18Microsoft Internet Explorer CTextElement use after free attempt
RuleID : 50123 - Revision : 1 - Type : BROWSER-IE
2019-06-04Javascript CollectGarbage use-after-free attempt
RuleID : 50005 - Revision : 1 - Type : BROWSER-IE
2019-06-04Javascript CollectGarbage use-after-free attempt
RuleID : 50004 - Revision : 1 - Type : BROWSER-IE
2019-03-05Microsoft Internet Explorer CTextElement use after free attempt
RuleID : 49083 - Revision : 2 - Type : BROWSER-IE
2016-03-15Microsoft Internet Explorer CTextElement use after free attempt
RuleID : 37634 - Revision : 1 - Type : BROWSER-IE
2016-03-15Microsoft Internet Explorer CTextElement use after free attempt
RuleID : 37633 - Revision : 3 - Type : BROWSER-IE
2015-07-15Microsoft Internet Explorer CTextElement use after free attempt
RuleID : 34874 - Revision : 3 - Type : BROWSER-IE
2015-07-15Microsoft Internet Explorer CTextElement use after free attempt
RuleID : 34873 - Revision : 4 - Type : BROWSER-IE
2015-06-03Microsoft Internet Explorer onpagehide use after free attempt
RuleID : 34299 - Revision : 3 - Type : BROWSER-IE
2015-02-24Microsoft Internet Explorer CClipStack array index exploitation attempt
RuleID : 33158 - Revision : 3 - Type : BROWSER-IE
2015-02-24Microsoft Internet Explorer CClipStack array index exploitation attempt
RuleID : 33157 - Revision : 3 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer celement use after free
RuleID : 31404 - Revision : 5 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer celement use after free
RuleID : 31403 - Revision : 5 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer WindowedMarkupContext use after free attempt
RuleID : 31220 - Revision : 2 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer WindowedMarkupContext use after free attempt
RuleID : 31219 - Revision : 2 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer use after free attempt
RuleID : 31216 - Revision : 2 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer use after free attempt
RuleID : 31215 - Revision : 2 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer CDispNode use after free attempt
RuleID : 31209 - Revision : 3 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer CDispNode use after free attempt
RuleID : 31208 - Revision : 3 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer 11 CTreePos child element use-after-free attempt
RuleID : 31207 - Revision : 3 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer 11 CTreePos child element use-after-free attempt
RuleID : 31206 - Revision : 3 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer celement use after free attempt
RuleID : 31205 - Revision : 3 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer celement use after free attempt
RuleID : 31204 - Revision : 3 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer CRangeSaver use after free attempt
RuleID : 31203 - Revision : 3 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer CRangeSaver use after free attempt
RuleID : 31202 - Revision : 3 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer summary node swap use after free attempt
RuleID : 31201 - Revision : 3 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer summary node swap use after free attempt
RuleID : 31200 - Revision : 3 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer use after free attempt
RuleID : 31199 - Revision : 4 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer use after free attempt
RuleID : 31198 - Revision : 4 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer CTreeNode onmousemove use-after-free attempt
RuleID : 31197 - Revision : 3 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer CTreeNode onmousemove use-after-free attempt
RuleID : 31196 - Revision : 3 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer onpagehide use after free attempt
RuleID : 31194 - Revision : 3 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer 11 use after free attempt
RuleID : 31193 - Revision : 3 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer 11 use after free attempt
RuleID : 31192 - Revision : 3 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer RemoveSplice use-after-free attempt
RuleID : 31191 - Revision : 2 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer RemoveSplice use-after-free attempt
RuleID : 31190 - Revision : 2 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer isIndex attribute overflow attempt
RuleID : 31189 - Revision : 2 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer isIndex attribute overflow attempt
RuleID : 31188 - Revision : 2 - Type : BROWSER-IE

Nessus® Vulnerability Scanner

DateDescription
2014-06-11Name : The remote host has a web browser that is affected by multiple vulnerabilities.
File : smb_nt_ms14-035.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/67842
MS https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14...
SECTRACK http://www.securitytracker.com/id/1030370

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
DateInformations
2018-10-13 05:18:45
  • Multiple Updates
2015-12-22 21:25:10
  • Multiple Updates
2014-06-26 09:24:51
  • Multiple Updates
2014-06-18 09:24:25
  • Multiple Updates
2014-06-16 05:23:13
  • Multiple Updates
2014-06-11 21:24:12
  • Multiple Updates
2014-06-11 13:24:36
  • Multiple Updates
2014-06-11 09:22:13
  • First insertion