Overview
Microsoft Internet Explorer 8 contains a use-after-free vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Description
Microsoft Internet Explorer 8 contains a use-after-free vulnerability. This can allow for arbitrary code execution. Additional details may be found in the Zero Day Initiative advisory ZDI-14-140. |
Impact
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code. |
Solution
Apply an Update Users should upgrade to Internet Explorer 11. |
Use the Microsoft Enhanced Mitigation Experience Toolkit |
Vendor Information (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Microsoft Corporation | Affected | - | 21 May 2014 |
If you are a vendor and your product is affected, let us know.
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Temporal | 6.5 | E:H/RL:W/RC:C |
| Environmental | 8.2 | CDP:MH/TD:H/CR:H/IR:H/AR:L |
References
- http://zerodayinitiative.com/advisories/ZDI-14-140/
- https://www.corelan.be/index.php/2014/05/22/on-cve-2014-1770-zdi-14-140-internet-explorer-8-0day/
Credit
This vulnerability was discovered by Peter 'corelanc0d3r' Van Eeckhoutte and coordinated by the Zero Day Initiative.
This document was written by Jared Allar.
Other Information
- CVE IDs: CVE-2014-1770
- Date Public: 21 5월 2014
- Date First Published: 21 5월 2014
- Date Last Updated: 22 5월 2014
- Document Revision: 9
'취약점 정보1' 카테고리의 다른 글
| 2014-05-25 취약점 정보 (0) | 2014.05.25 |
|---|---|
| Bizagi BPM Suite contains multiple vulnerabilities (0) | 2014.05.23 |
| Cisco ISE RADIUS Service 서비스 거부 취약점 보안업데이트 권고 (0) | 2014.05.23 |
| One RCE Vulnerability to Hack Yahoo, Microsoft, Orange (0) | 2014.05.22 |
| Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability (0) | 2014.05.22 |