9.3
CVE-2014-1770
- EPSS 34.77%
- Veröffentlicht 22.05.2014 11:14:15
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Internet Explorer Version6
Microsoft ≫ Internet Explorer Version7
Microsoft ≫ Internet Explorer Version8
Microsoft ≫ Internet Explorer Version9
Microsoft ≫ Internet Explorer Version10
Microsoft ≫ Internet Explorer Version11
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 34.77% | 0.982 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035
http://www.kb.cert.org/vuls/id/239151
http://www.securityfocus.com/bid/67544
http://www.securitytracker.com/id/1030266
http://zerodayinitiative.com/advisories/ZDI-14-140/
https://www.corelan.be/index.php/2014/05/22/on-cve-2014-1770-zdi-14-140-internet-explorer-8-0day/