CVE-2014-4123
CVE-2014-4123
In short
Internet Explorer versions 7 through 11 have a flaw that allows attackers to gain elevated privileges on a victim's computer by tricking them into visiting a malicious website. This is dangerous because the attacker can then perform actions with administrator-level permissions.
Technical detail
An elevation of privilege vulnerability exists in Internet Explorer 7-11 where a remote attacker can craft a malicious web page that, when visited by a user, exploits the vulnerability to gain SYSTEM or administrative privileges. The attack requires user interaction (visiting the malicious site) and was actively exploited in the wild in October 2014.
Summary generated and translated by AI from the official description.
Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," as exploited in the wild in October 2014, a different vulnerability than CVE-2014-4124.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspxhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-056http://secunia.com/advisories/60968https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-4123http://www.securityfocus.com/bid/70326http://www.securitytracker.com/id/1031018