Vulnerability in Microsoft Internet_explorer
CVE-2014-1764
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "object confusion" in a broker process, as demonstrated by VUPEN during a Pwn2Own competitio…
EPSS: 0.711 (98.7th percentile) — read the EPSS interpretation.
Affected products
- Microsoft Internet_explorer — versions 7, 8, 9
- N/a — versions n/a
Weakness classification (CWE)
References
- 1030370 (vdb-entry, x_refsource_SECTRACK)
- secure@microsoft.com (x_refsource_MISC)
- 20140716 VUPEN Security Research - Microsoft Internet Explorer "Request" Object Confusion Sandbox Bypass (Pwn2Own 2014) (mailing-list, x_refsource_BUGTRAQ)
- MS14-035 (x_refsource_MS, vendor-advisory)
- secure@microsoft.com (x_refsource_MISC)
- 67295 (vdb-entry, x_refsource_BID)