Executive Summary
Summary | |
---|---|
Title | Microsoft Internet Explorer 8 CMarkup use-after-free vulnerability |
Informations | |||
---|---|---|---|
Name | VU#239151 | First vendor Publication | 2014-05-21 |
Vendor | VU-CERT | Last vendor Modification | 2014-05-23 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#239151Microsoft Internet Explorer 8 CMarkup use-after-free vulnerabilityOverviewMicrosoft Internet Explorer 8 contains a use-after-free vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description
Impact
Solution
Vendor Information (Learn More)
CVSS Metrics (Learn More)
References
CreditThis vulnerability was discovered by Peter 'corelanc0d3r' Van Eeckhoutte and coordinated by the Zero Day Initiative. This document was written by Jared Allar. Other Information
FeedbackIf you have feedback, comments, or additional information about this vulnerability, please send us email. |
Original Source
Url : http://www.kb.cert.org/vuls/id/239151 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:24170 | |||
Oval ID: | oval:org.mitre.oval:def:24170 | ||
Title: | Internet Explorer Memory Corruption Vulnerability (CVE-2014-1770) - MS14-035 | ||
Description: | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-1770 | Version: | 5 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2014-06-12 | IAVM : 2014-A-0079 - Cumulative Security Update for Microsoft Internet Explorer Severity : Category I - VMSKEY : V0052493 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-11 | Name : The remote host has a web browser that is affected by multiple vulnerabilities. File : smb_nt_ms14-035.nasl - Type : ACT_GATHER_INFO |
2014-05-22 | Name : The remote host has a version of Internet Explorer installed that is affected... File : smb_ie_cve_2014_1770.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-05-08 13:28:00 |
|
2014-05-23 21:21:06 |
|
2014-05-23 17:24:48 |
|
2014-05-23 13:23:57 |
|
2014-05-22 21:21:31 |
|
2014-05-22 17:25:06 |
|
2014-05-22 00:19:47 |
|