Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
canvasImmunity CanvasIE_CMARKUP
HistoryFeb 14, 2014 - 4:55 p.m.

Immunity Canvas: IE_CMARKUP

2014-02-1416:55:00
Immunity Canvas
exploitlist.immunityinc.com
16

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON
Name ie_cmarkup
CVE CVE-2014-0322 Exploit Pack
VENDOR: Microsoft
NOTES:
- This exploits leaks a vtable pointer of a mshtml object in order to bypass ASLR
- We also leak the shellcode’s address so there’s no need for spraying the shellcode

This exploit has been tested on:
- Windows 7 Professional (x86) SP 1 on IE 10
- Windows 7 Enterprise (x86) SP 1 on IE 10

The following mshtml versions are vulnerables and has been tested:
- 10.00.9200.16521

Repeatability: Single
References: URL:http://technet.microsoft.com/security/bulletin/MS14-012
CVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0322

Related

zdt 2
seebug 9
saint 4
cert 1
packetstorm 2
nessus 2
thn 2
checkpoint_advisories 2
threatpost 6
prion 1
msrc 1
symantec 1
attackerkb 2
exploitpack 1
metasploit 1
cve 1
cisa_kev 1
exploitdb 2
fireeye 1
openvas 1
securityvulns 1
mskb 1
zdt
zdt
MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free
2014-04-16 00:00:00
Internet Explorer 10 & Adobe Flash Player (12.0.0.70, 12.0.0.77) - CMarkup Use-After-Free
2014-04-15 00:00:00
seebug
seebug
Microsoft Internet Explorer内存破坏漏洞(CVE-2014-0322)
2014-03-12 00:00:00
Microsoft Internet Explorer释放后重用远程代码执行漏洞
2014-02-17 00:00:00
MS14-012 Internet Explorer CMarkup Use-After-Free
2014-07-01 00:00:00
saint
saint
Internet Explorer CMarkup Object Handling Use-after-free Vulnerability
2014-04-17 00:00:00
Internet Explorer CMarkup Object Handling Use-after-free Vulnerability
2014-04-17 00:00:00
Internet Explorer CMarkup Object Handling Use-after-free Vulnerability
2014-04-17 00:00:00
cert
cert
Internet Explorer CMarkup use-after-free vulnerability
2014-02-14 00:00:00
packetstorm
packetstorm
MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free
2014-04-16 00:00:00
MS14-012 Internet Explorer CMarkup Use-After-Free
2014-04-14 00:00:00
nessus
nessus
MS KB2934088: Vulnerability in Internet Explorer Could Allow Remote Code Execution
2014-02-20 00:00:00
MS14-012: Cumulative Security Update for Internet Explorer (2925418)
2014-03-11 00:00:00
thn
thn
CVE-2014-0322: Internet Explorer zero-day exploit targets US Military Intelligence
2014-02-14 20:18:00
F5 Warns of a New Critical BIG-IP Remote Code Execution Vulnerability
2022-05-05 02:38:00
checkpoint_advisories
checkpoint_advisories
Microsoft Internet Explorer Use-After-Free Code Execution (CVE-2014-0322)
2014-02-15 00:00:00
Infinity Exploit Kit Landing Page (CVE-2013-1347; CVE-2013-2423; CVE-2013-2465; CVE-2014-0322; CVE-2014-0502; CVE-2014-1776)
2014-06-10 00:00:00
threatpost
threatpost
IE Zero Day Exploits Increase Just Before Patch
2014-03-11 14:30:05
New IE Zero Day Found Targeting Military Intelligence
2014-02-14 14:27:27
Wekby APT 18 Exploiting Hacking Team Flash Zero Day
2015-07-09 14:50:54
prion
prion
Design/Logic Flaw
2014-02-14 16:55:00
msrc
msrc
Fix it tool available to block Internet Explorer attacks leveraging CVE-2014-0322
2014-02-19 08:00:00
symantec
symantec
Microsoft Internet Explorer CVE-2014-0322 Use-After-Free Remote Code Execution Vulnerability
2014-02-13 00:00:00
attackerkb
attackerkb
CVE-2014-0322
2014-02-14 00:00:00
Microsoft Internet Explorer Use-After-Free Vulnerability
2014-02-14 00:00:00
exploitpack
exploitpack
Microsoft Internet Explorer 10 - CMarkup Use-After-Free (MS14-012)
2014-04-14 00:00:00
metasploit
metasploit
MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free
2014-04-15 22:55:24
cve
cve
CVE-2014-0322
2014-02-14 16:55:00
cisa_kev
cisa_kev
Microsoft Internet Explorer Use-After-Free Vulnerability
2022-05-04 00:00:00
exploitdb
exploitdb
Microsoft Internet Explorer - CMarkup Use-After-Free (MS14-012) (Metasploit)
2014-04-16 00:00:00
Microsoft Internet Explorer 10 - CMarkup Use-After-Free (MS14-012)
2014-04-14 00:00:00
fireeye
fireeye
End of Life for Internet Explorer 8, 9 and 10
2016-01-12 14:49:00
openvas
openvas
Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (2925418)
2014-02-18 00:00:00
securityvulns
securityvulns
Microsoft Internet Explorer multiple security vulnerabilities
2014-03-18 00:00:00
mskb
mskb
MS14-012: Cumulative security update for Internet Explorer: March 11, 2014
2014-03-11 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON
Related for IE_CMARKUP
zdt2seebug9saint4cert1packetstorm2nessus2thn2checkpoint_advisories2threatpost6prion1msrc1symantec1attackerkb2exploitpack1metasploit1cve1cisa_kev1exploitdb2fireeye1openvas1securityvulns1mskb1