cvelistv5 - CVE-2014-1770

CVE-2014-1770 (GCVE-0-2014-1770)

Vulnerability from cvelistv5 – Published: 2014-05-22 10:00 – Updated: 2024-08-06 09:50

Summary

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function.

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://zerodayinitiative.com/advisories/ZDI-14-140/	x_refsource_MISC
	http://www.securitytracker.com/id/1030266	vdb-entryx_refsource_SECTRACK
	http://www.kb.cert.org/vuls/id/239151	third-party-advisoryx_refsource_CERT-VN
	https://www.corelan.be/index.php/2014/05/22/on-cv…	x_refsource_MISC
	http://www.securityfocus.com/bid/67544	vdb-entryx_refsource_BID
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:50:11.049Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://zerodayinitiative.com/advisories/ZDI-14-140/"
          },
          {
            "name": "1030266",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030266"
          },
          {
            "name": "VU#239151",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/239151"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.corelan.be/index.php/2014/05/22/on-cve-2014-1770-zdi-14-140-internet-explorer-8-0day/"
          },
          {
            "name": "67544",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67544"
          },
          {
            "name": "MS14-035",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://zerodayinitiative.com/advisories/ZDI-14-140/"
        },
        {
          "name": "1030266",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030266"
        },
        {
          "name": "VU#239151",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/239151"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.corelan.be/index.php/2014/05/22/on-cve-2014-1770-zdi-14-140-internet-explorer-8-0day/"
        },
        {
          "name": "67544",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67544"
        },
        {
          "name": "MS14-035",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2014-1770",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://zerodayinitiative.com/advisories/ZDI-14-140/",
              "refsource": "MISC",
              "url": "http://zerodayinitiative.com/advisories/ZDI-14-140/"
            },
            {
              "name": "1030266",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030266"
            },
            {
              "name": "VU#239151",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/239151"
            },
            {
              "name": "https://www.corelan.be/index.php/2014/05/22/on-cve-2014-1770-zdi-14-140-internet-explorer-8-0day/",
              "refsource": "MISC",
              "url": "https://www.corelan.be/index.php/2014/05/22/on-cve-2014-1770-zdi-14-140-internet-explorer-8-0day/"
            },
            {
              "name": "67544",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67544"
            },
            {
              "name": "MS14-035",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2014-1770",
    "datePublished": "2014-05-22T10:00:00",
    "dateReserved": "2014-01-29T00:00:00",
    "dateUpdated": "2024-08-06T09:50:11.049Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"693D3C1C-E3E4-49DB-9A13-44ADDFF82507\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A33FA7F-BB2A-4C66-B608-72997A2BD1DB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A52E757F-9B41-43B4-9D67-3FEDACA71283\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C043EDDD-41BF-4718-BDCF-158BBBDB6360\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5808661-A082-4CBE-808C-B253972487B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"15BAAA8C-7AF1-46CE-9FFB-3A498508A1BF\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de uso despu\\u00e9s de liberaci\\u00f3n en Microsoft Internet Explorer 8 permite a atacantes remotos ejecutar c\\u00f3digo arbitrario a trav\\u00e9s de c\\u00f3digo JavaScript manipulado que no interact\\u00faa debidamente con una llamada de la funci\\u00f3n CollectGarbage function en un objeto CMarkup asignado por la funci\\u00f3n CMarkup::CreateInitialMarkup.\"}]",
      "id": "CVE-2014-1770",
      "lastModified": "2024-11-21T02:05:00.123",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2014-05-22T11:14:15.003",
      "references": "[{\"url\": \"http://www.kb.cert.org/vuls/id/239151\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/67544\", \"source\": \"secure@microsoft.com\", \"tags\": [\"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1030266\", \"source\": \"secure@microsoft.com\", \"tags\": [\"VDB Entry\"]}, {\"url\": \"http://zerodayinitiative.com/advisories/ZDI-14-140/\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Mitigation\", \"VDB Entry\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://www.corelan.be/index.php/2014/05/22/on-cve-2014-1770-zdi-14-140-internet-explorer-8-0day/\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/239151\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/67544\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1030266\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"VDB Entry\"]}, {\"url\": \"http://zerodayinitiative.com/advisories/ZDI-14-140/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"VDB Entry\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.corelan.be/index.php/2014/05/22/on-cve-2014-1770-zdi-14-140-internet-explorer-8-0day/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-399\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-1770\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2014-05-22T11:14:15.003\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en Microsoft Internet Explorer 8 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de c\u00f3digo JavaScript manipulado que no interact\u00faa debidamente con una llamada de la funci\u00f3n CollectGarbage function en un objeto CMarkup asignado por la funci\u00f3n CMarkup::CreateInitialMarkup.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"693D3C1C-E3E4-49DB-9A13-44ADDFF82507\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A33FA7F-BB2A-4C66-B608-72997A2BD1DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A52E757F-9B41-43B4-9D67-3FEDACA71283\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C043EDDD-41BF-4718-BDCF-158BBBDB6360\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5808661-A082-4CBE-808C-B253972487B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15BAAA8C-7AF1-46CE-9FFB-3A498508A1BF\"}]}]}],\"references\":[{\"url\":\"http://www.kb.cert.org/vuls/id/239151\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/67544\",\"source\":\"secure@microsoft.com\",\"tags\":[\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1030266\",\"source\":\"secure@microsoft.com\",\"tags\":[\"VDB Entry\"]},{\"url\":\"http://zerodayinitiative.com/advisories/ZDI-14-140/\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Mitigation\",\"VDB Entry\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://www.corelan.be/index.php/2014/05/22/on-cve-2014-1770-zdi-14-140-internet-explorer-8-0day/\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/239151\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/67544\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1030266\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"VDB Entry\"]},{\"url\":\"http://zerodayinitiative.com/advisories/ZDI-14-140/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"VDB Entry\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.corelan.be/index.php/2014/05/22/on-cve-2014-1770-zdi-14-140-internet-explorer-8-0day/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

GHSA-RQ65-297X-R8V7

Vulnerability from github – Published: 2022-05-14 02:32 – Updated: 2025-04-12 12:33

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-1770"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-05-22T11:14:00Z",
    "severity": "HIGH"
  },
  "details": "Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function.",
  "id": "GHSA-rq65-297x-r8v7",
  "modified": "2025-04-12T12:33:58Z",
  "published": "2022-05-14T02:32:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1770"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035"
    },
    {
      "type": "WEB",
      "url": "https://www.corelan.be/index.php/2014/05/22/on-cve-2014-1770-zdi-14-140-internet-explorer-8-0day"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/239151"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/67544"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1030266"
    },
    {
      "type": "WEB",
      "url": "http://zerodayinitiative.com/advisories/ZDI-14-140"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTFR-2014-AVI-266

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Microsoft Internet Explorer. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Internet Explorer 9
Microsoft	N/A	Internet Explorer 8
Microsoft	N/A	Internet Explorer 6
Microsoft	N/A	Internet Explorer 10
Microsoft	N/A	Internet Explorer 7
Microsoft	N/A	Internet Explorer 11

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS14-035 du 10 juin 2014

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Internet Explorer 9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-1805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1805"
    },
    {
      "name": "CVE-2014-1785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1785"
    },
    {
      "name": "CVE-2014-1762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1762"
    },
    {
      "name": "CVE-2014-1792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1792"
    },
    {
      "name": "CVE-2014-1791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1791"
    },
    {
      "name": "CVE-2014-1770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1770"
    },
    {
      "name": "CVE-2014-1790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1790"
    },
    {
      "name": "CVE-2014-1788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1788"
    },
    {
      "name": "CVE-2014-1774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1774"
    },
    {
      "name": "CVE-2014-1769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1769"
    },
    {
      "name": "CVE-2014-1797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1797"
    },
    {
      "name": "CVE-2014-1780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1780"
    },
    {
      "name": "CVE-2014-2759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2759"
    },
    {
      "name": "CVE-2014-2766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2766"
    },
    {
      "name": "CVE-2014-2772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2772"
    },
    {
      "name": "CVE-2014-2769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2769"
    },
    {
      "name": "CVE-2014-2777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2777"
    },
    {
      "name": "CVE-2014-1786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1786"
    },
    {
      "name": "CVE-2014-1796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1796"
    },
    {
      "name": "CVE-2014-1782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1782"
    },
    {
      "name": "CVE-2014-2757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2757"
    },
    {
      "name": "CVE-2014-2758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2758"
    },
    {
      "name": "CVE-2014-2760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2760"
    },
    {
      "name": "CVE-2014-2755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2755"
    },
    {
      "name": "CVE-2014-2773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2773"
    },
    {
      "name": "CVE-2014-1800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1800"
    },
    {
      "name": "CVE-2014-1795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1795"
    },
    {
      "name": "CVE-2014-1778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1778"
    },
    {
      "name": "CVE-2014-2768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2768"
    },
    {
      "name": "CVE-2014-2767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2767"
    },
    {
      "name": "CVE-2014-1794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1794"
    },
    {
      "name": "CVE-2014-2771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2771"
    },
    {
      "name": "CVE-2014-1775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1775"
    },
    {
      "name": "CVE-2014-1771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1771"
    },
    {
      "name": "CVE-2014-1779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1779"
    },
    {
      "name": "CVE-2014-1783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1783"
    },
    {
      "name": "CVE-2014-1789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1789"
    },
    {
      "name": "CVE-2014-1804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1804"
    },
    {
      "name": "CVE-2014-1784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1784"
    },
    {
      "name": "CVE-2014-2764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2764"
    },
    {
      "name": "CVE-2014-2754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2754"
    },
    {
      "name": "CVE-2014-1802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1802"
    },
    {
      "name": "CVE-2014-2776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2776"
    },
    {
      "name": "CVE-2014-1799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1799"
    },
    {
      "name": "CVE-2014-1803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1803"
    },
    {
      "name": "CVE-2014-1772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1772"
    },
    {
      "name": "CVE-2014-2765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2765"
    },
    {
      "name": "CVE-2014-0282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0282"
    },
    {
      "name": "CVE-2014-2756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2756"
    },
    {
      "name": "CVE-2014-2775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2775"
    },
    {
      "name": "CVE-2014-1764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1764"
    },
    {
      "name": "CVE-2014-2763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2763"
    },
    {
      "name": "CVE-2014-2770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2770"
    },
    {
      "name": "CVE-2014-1773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1773"
    },
    {
      "name": "CVE-2014-1781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1781"
    },
    {
      "name": "CVE-2014-1777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1777"
    },
    {
      "name": "CVE-2014-1766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1766"
    },
    {
      "name": "CVE-2014-2761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2761"
    }
  ],
  "links": [],
  "reference": "CERTFR-2014-AVI-266",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-06-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Internet Explorer\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS14-035 du 10 juin 2014",
      "url": "https://technet.microsoft.com/fr-fr/library/security/ms14-035"
    }
  ]
}

CERTFR-2014-AVI-266

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Internet Explorer 9
Microsoft	N/A	Internet Explorer 8
Microsoft	N/A	Internet Explorer 6
Microsoft	N/A	Internet Explorer 10
Microsoft	N/A	Internet Explorer 7
Microsoft	N/A	Internet Explorer 11

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS14-035 du 10 juin 2014

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Internet Explorer 9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-1805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1805"
    },
    {
      "name": "CVE-2014-1785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1785"
    },
    {
      "name": "CVE-2014-1762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1762"
    },
    {
      "name": "CVE-2014-1792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1792"
    },
    {
      "name": "CVE-2014-1791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1791"
    },
    {
      "name": "CVE-2014-1770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1770"
    },
    {
      "name": "CVE-2014-1790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1790"
    },
    {
      "name": "CVE-2014-1788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1788"
    },
    {
      "name": "CVE-2014-1774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1774"
    },
    {
      "name": "CVE-2014-1769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1769"
    },
    {
      "name": "CVE-2014-1797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1797"
    },
    {
      "name": "CVE-2014-1780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1780"
    },
    {
      "name": "CVE-2014-2759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2759"
    },
    {
      "name": "CVE-2014-2766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2766"
    },
    {
      "name": "CVE-2014-2772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2772"
    },
    {
      "name": "CVE-2014-2769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2769"
    },
    {
      "name": "CVE-2014-2777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2777"
    },
    {
      "name": "CVE-2014-1786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1786"
    },
    {
      "name": "CVE-2014-1796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1796"
    },
    {
      "name": "CVE-2014-1782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1782"
    },
    {
      "name": "CVE-2014-2757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2757"
    },
    {
      "name": "CVE-2014-2758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2758"
    },
    {
      "name": "CVE-2014-2760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2760"
    },
    {
      "name": "CVE-2014-2755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2755"
    },
    {
      "name": "CVE-2014-2773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2773"
    },
    {
      "name": "CVE-2014-1800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1800"
    },
    {
      "name": "CVE-2014-1795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1795"
    },
    {
      "name": "CVE-2014-1778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1778"
    },
    {
      "name": "CVE-2014-2768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2768"
    },
    {
      "name": "CVE-2014-2767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2767"
    },
    {
      "name": "CVE-2014-1794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1794"
    },
    {
      "name": "CVE-2014-2771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2771"
    },
    {
      "name": "CVE-2014-1775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1775"
    },
    {
      "name": "CVE-2014-1771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1771"
    },
    {
      "name": "CVE-2014-1779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1779"
    },
    {
      "name": "CVE-2014-1783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1783"
    },
    {
      "name": "CVE-2014-1789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1789"
    },
    {
      "name": "CVE-2014-1804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1804"
    },
    {
      "name": "CVE-2014-1784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1784"
    },
    {
      "name": "CVE-2014-2764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2764"
    },
    {
      "name": "CVE-2014-2754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2754"
    },
    {
      "name": "CVE-2014-1802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1802"
    },
    {
      "name": "CVE-2014-2776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2776"
    },
    {
      "name": "CVE-2014-1799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1799"
    },
    {
      "name": "CVE-2014-1803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1803"
    },
    {
      "name": "CVE-2014-1772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1772"
    },
    {
      "name": "CVE-2014-2765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2765"
    },
    {
      "name": "CVE-2014-0282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0282"
    },
    {
      "name": "CVE-2014-2756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2756"
    },
    {
      "name": "CVE-2014-2775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2775"
    },
    {
      "name": "CVE-2014-1764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1764"
    },
    {
      "name": "CVE-2014-2763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2763"
    },
    {
      "name": "CVE-2014-2770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2770"
    },
    {
      "name": "CVE-2014-1773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1773"
    },
    {
      "name": "CVE-2014-1781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1781"
    },
    {
      "name": "CVE-2014-1777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1777"
    },
    {
      "name": "CVE-2014-1766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1766"
    },
    {
      "name": "CVE-2014-2761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2761"
    }
  ],
  "links": [],
  "reference": "CERTFR-2014-AVI-266",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-06-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Internet Explorer\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS14-035 du 10 juin 2014",
      "url": "https://technet.microsoft.com/fr-fr/library/security/ms14-035"
    }
  ]
}

FKIE_CVE-2014-1770

Vulnerability from fkie_nvd - Published: 2014-05-22 11:14 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://www.kb.cert.org/vuls/id/239151	Third Party Advisory, US Government Resource
secure@microsoft.com	http://www.securityfocus.com/bid/67544	VDB Entry
secure@microsoft.com	http://www.securitytracker.com/id/1030266	VDB Entry
secure@microsoft.com	http://zerodayinitiative.com/advisories/ZDI-14-140/	Mitigation, VDB Entry
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035
secure@microsoft.com	https://www.corelan.be/index.php/2014/05/22/on-cve-2014-1770-zdi-14-140-internet-explorer-8-0day/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/239151	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/67544	VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1030266	VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://zerodayinitiative.com/advisories/ZDI-14-140/	Mitigation, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035
af854a3a-2127-422b-91ae-364da2661108	https://www.corelan.be/index.php/2014/05/22/on-cve-2014-1770-zdi-14-140-internet-explorer-8-0day/	Third Party Advisory

Impacted products

Vendor	Product	Version
microsoft	internet_explorer	6
microsoft	internet_explorer	7
microsoft	internet_explorer	8
microsoft	internet_explorer	9
microsoft	internet_explorer	10
microsoft	internet_explorer	11

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
              "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A52E757F-9B41-43B4-9D67-3FEDACA71283",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C043EDDD-41BF-4718-BDCF-158BBBDB6360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5808661-A082-4CBE-808C-B253972487B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*",
              "matchCriteriaId": "15BAAA8C-7AF1-46CE-9FFB-3A498508A1BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en Microsoft Internet Explorer 8 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de c\u00f3digo JavaScript manipulado que no interact\u00faa debidamente con una llamada de la funci\u00f3n CollectGarbage function en un objeto CMarkup asignado por la funci\u00f3n CMarkup::CreateInitialMarkup."
    }
  ],
  "id": "CVE-2014-1770",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-22T11:14:15.003",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/239151"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/67544"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1030266"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Mitigation",
        "VDB Entry"
      ],
      "url": "http://zerodayinitiative.com/advisories/ZDI-14-140/"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.corelan.be/index.php/2014/05/22/on-cve-2014-1770-zdi-14-140-internet-explorer-8-0day/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/239151"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/67544"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1030266"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "VDB Entry"
      ],
      "url": "http://zerodayinitiative.com/advisories/ZDI-14-140/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.corelan.be/index.php/2014/05/22/on-cve-2014-1770-zdi-14-140-internet-explorer-8-0day/"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2014-1770

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-1770

Aliases

CVE-2014-1770

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-1770",
    "description": "Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function.",
    "id": "GSD-2014-1770"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-1770"
      ],
      "details": "Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function.",
      "id": "GSD-2014-1770",
      "modified": "2023-12-13T01:22:51.741760Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2014-1770",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://zerodayinitiative.com/advisories/ZDI-14-140/",
            "refsource": "MISC",
            "url": "http://zerodayinitiative.com/advisories/ZDI-14-140/"
          },
          {
            "name": "1030266",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1030266"
          },
          {
            "name": "VU#239151",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/239151"
          },
          {
            "name": "https://www.corelan.be/index.php/2014/05/22/on-cve-2014-1770-zdi-14-140-internet-explorer-8-0day/",
            "refsource": "MISC",
            "url": "https://www.corelan.be/index.php/2014/05/22/on-cve-2014-1770-zdi-14-140-internet-explorer-8-0day/"
          },
          {
            "name": "67544",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/67544"
          },
          {
            "name": "MS14-035",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2014-1770"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://zerodayinitiative.com/advisories/ZDI-14-140/",
              "refsource": "MISC",
              "tags": [
                "Mitigation",
                "VDB Entry"
              ],
              "url": "http://zerodayinitiative.com/advisories/ZDI-14-140/"
            },
            {
              "name": "https://www.corelan.be/index.php/2014/05/22/on-cve-2014-1770-zdi-14-140-internet-explorer-8-0day/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.corelan.be/index.php/2014/05/22/on-cve-2014-1770-zdi-14-140-internet-explorer-8-0day/"
            },
            {
              "name": "VU#239151",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/239151"
            },
            {
              "name": "67544",
              "refsource": "BID",
              "tags": [
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/67544"
            },
            {
              "name": "1030266",
              "refsource": "SECTRACK",
              "tags": [
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1030266"
            },
            {
              "name": "MS14-035",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-12T22:06Z",
      "publishedDate": "2014-05-22T11:14Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-1770 (GCVE-0-2014-1770)

GHSA-RQ65-297X-R8V7

CERTFR-2014-AVI-266

Solution

CERTFR-2014-AVI-266

Solution

FKIE_CVE-2014-1770

GSD-2014-1770

Tags

Sightings

Nomenclature