CVE-2014-1765

2014-04-2710:55:03

CWE-399

[email protected]

web.nvd.nist.gov

cve-2014-1765

microsoft

internet explorer

use-after-free

vulnerabilities

remote attackers

arbitrary code

pwn2own

cansecwest 2014

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.888 High

EPSS

Percentile

98.7%

JSON

Multiple use-after-free vulnerabilities in Microsoft Internet Explorer 6 through 11 allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014.

Affected configurations

NVD

Node

microsoftinternet_explorerMatch6

microsoftinternet_explorerMatch7

microsoftinternet_explorerMatch8

microsoftinternet_explorerMatch9

microsoftinternet_explorerMatch10

microsoftinternet_explorerMatch11

CPENameOperatorVersion
microsoft:internet_explorermicrosoft internet explorereq6
microsoft:internet_explorermicrosoft internet explorereq7
microsoft:internet_explorermicrosoft internet explorereq8
microsoft:internet_explorermicrosoft internet explorereq9
microsoft:internet_explorermicrosoft internet explorereq10
microsoft:internet_explorermicrosoft internet explorereq11

CPE	Name	Operator	Version
microsoft:internet_explorer	microsoft internet explorer	eq	6
microsoft:internet_explorer	microsoft internet explorer	eq	7
microsoft:internet_explorer	microsoft internet explorer	eq	8
microsoft:internet_explorer	microsoft internet explorer	eq	9
microsoft:internet_explorer	microsoft internet explorer	eq	10
microsoft:internet_explorer	microsoft internet explorer	eq	11