Lucene search
SkyLinedZDI-14-352HistoryOct 14, 2014 - 12:00 a.m.
Microsoft Internet Explorer ConvertBitmaptoPng Heap Buffer Overflow Remote Code Execution Vulnerability
2014-10-1400:00:00
SkyLined
www.zerodayinitiative.com
12
0.154 Low
EPSS
Percentile
95.9%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. In addition, the user must allow the web page to access the clipboard when so prompted. The vulnerability relates to how Internet Explorer converts bitmap-format graphics to PNG-format graphics. A web page can define an image using SVG, which, when copied and pasted back into the document, will overflow a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.
Related
checkpoint_advisories
checkpoint_advisories
Microsoft Internet Explorer Memory Corruption (MS14-056; CVE-2014-4138)
2014-10-14 00:00:00
symantec
symantec
cve
cve
nvd
nvd
prion
prion
Memory corruption
2014-10-15 10:55:00
Memory corruption
2014-10-15 10:55:00
Memory corruption
2014-10-15 10:55:00
cvelist
cvelist
openvas
openvas
Microsoft Internet Explorer Multiple Vulnerabilities (2987107)
2014-10-15 00:00:00
nessus
nessus
MS14-056: Cumulative Security Update for Internet Explorer (2987107)
2014-10-15 00:00:00
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2014-10-15 00:00:00
kaspersky
kaspersky
KLA10602 Multiple vulnerabilities in Microsoft Internet Explorer
2014-09-09 00:00:00