Lucene search
Zeguang Zhao of Team509Liang Chen of KeenTeamZDI-14-292HistoryAug 07, 2014 - 12:00 a.m.
(0Day) (Pwn2Own) Microsoft Internet Explorer PresentationHost.exe Protected Mode Bypass Vulnerability
2014-08-0700:00:00
Zeguang Zhao of Team509Liang Chen of KeenTeam
www.zerodayinitiative.com
28
0.016 Low
EPSS
Percentile
87.2%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of entries within the ElevationPolicy. The issue lies in the ability to call PresentationHost.exe to load a page outside of the sandbox. An attacker can leverage this vulnerability to execute code in the context of the current user at medium integrity.
Related
cve
cve
CVE-2014-2819
2014-08-12 21:55:07
prion
prion
Privilege escalation
2014-08-12 21:55:00
symantec
symantec
cvelist
cvelist
CVE-2014-2819
2014-08-12 21:00:00
nvd
nvd
CVE-2014-2819
2014-08-12 21:55:07
nessus
nessus
MS14-051: Cumulative Security Update for Internet Explorer (2976627)
2014-08-12 00:00:00
openvas
openvas
Microsoft Internet Explorer Multiple Vulnerabilities (2976627)
2014-08-13 00:00:00
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2014-09-15 00:00:00
kaspersky
kaspersky
KLA10602 Multiple vulnerabilities in Microsoft Internet Explorer
2014-09-09 00:00:00