← back
CVE-2014-1766

CVE-2014-1766

EPSS 33.1%
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014. NOTE: the original disclosure referred to triggering a kernel bug with the Internet Explorer exploit payload, but this ID is not for a kernel vulnerability.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/34010unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035http://twitter.com/thezdi/statuses/444216845734666240http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/http://www.securityfocus.com/bid/67518http://www.securitytracker.com/id/1030370