Lucene search

[email protected]CVE-2014-4138

HistoryOct 15, 2014 - 10:55 a.m.

CVE-2014-4138

2014-10-1510:55:08

CWE-20

[email protected]

web.nvd.nist.gov

cve-2014-4138

internet explorer

remote code execution

memory corruption

vulnerability

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

High

0.715 High

EPSS

Percentile

98.1%

JSON

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2014-4130 and CVE-2014-4132.

Affected configurations

NVD

Node

microsoftinternet_explorerMatch11-

CPENameOperatorVersion
microsoft:internet_explorermicrosoft internet explorereq11

CPE	Name	Operator	Version
microsoft:internet_explorer	microsoft internet explorer	eq	11

References

blog.skylined.nl/20161221001.html

packetstormsecurity.com/files/140258/Microsoft-Internet-Explorer-11-MSHTML-CPasteCommand-ConvertBitmaptoPng-Buffer-Overflow.html

secunia.com/advisories/60968

www.securityfocus.com/bid/70340

www.securitytracker.com/id/1031018

docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-056

www.exploit-db.com/exploits/40960/

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

High

0.715 High

EPSS

Percentile

98.1%

JSON

Related for CVE-2014-4138

cve2 nvd3 prion3 cvelist3 checkpoint_advisories3 zdi2 symantec3 openvas1 nessus1 securityvulns1 kaspersky1