Lucene search
AbdulAziz Hariri of HP Zero Day InitiativeMatt Molinyawe of HP Zero Day InitiativeJasiel Spelman of HP Zero Day InitiativeZDI-14-270HistoryJul 30, 2014 - 12:00 a.m.
(0Day) (Pwn2Own\Pwn4Fun) Microsoft Internet Explorer localhost Protected Mode Bypass Vulnerability
2014-07-3000:00:00
AbdulAziz Hariri of HP Zero Day InitiativeMatt Molinyawe of HP Zero Day InitiativeJasiel Spelman of HP Zero Day Initiative
www.zerodayinitiative.com
46
0.828 High
EPSS
Percentile
98.4%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ability to trick the broker into loading a malicious page in a privileged context. The issue lies in the implicit trust of navigating to localhost. An attacker can leverage this vulnerability along with proxy shellcode to execute code under the context of the current user at medium integrity.
Related
zdi
zdi
cve
cve
CVE-2014-1762
2014-04-27 10:55:03
cvelist
cvelist
CVE-2014-1762
2014-04-27 10:00:00
prion
prion
Design/Logic Flaw
2014-04-27 10:55:00
nvd
nvd
CVE-2014-1762
2014-04-27 10:55:03
checkpoint_advisories
checkpoint_advisories
Microsoft Internet Explorer Memory Corruption (MS14-035; CVE-2014-1762)
2014-06-10 00:00:00
mskb
mskb
MS14-035: Cumulative security update for Internet Explorer: June 10, 2014
2014-06-10 00:00:00
nessus
nessus
MS14-035: Cumulative Security Update for Internet Explorer (2969262)
2014-06-11 00:00:00
openvas
openvas
Microsoft Internet Explorer Multiple Vulnerabilities (2969262)
2014-06-11 00:00:00
kaspersky
kaspersky
KLA10010 Multiple vulnerabilities at Microsoft Internet Explorer
2014-06-10 00:00:00
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2014-07-21 00:00:00