Vulnerability Name: | CCN-110266 | ||||||
Published: | 2014-10-02 | ||||||
Updated: | 2014-10-02 | ||||||
Summary: | Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error when handling ScriptEngine objects. By persuading a victim to visit a specially-crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim. | ||||||
CVSS v3 Severity: | 8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) 8.1 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C)
| ||||||
CVSS v2 Severity: | 9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
| ||||||
Vulnerability Consequences: | Gain Access | ||||||
References: | Source: CCN Type: Microsoft Web site Internet Explorer Source: XF Type: UNKNOWN ms-ie-scriptengine-code-exec(110266) Source: CCN Type: ZDI-14-349 (0Day) Microsoft Internet Explorer ScriptEngine Use-After-Free Remote Code Execution Vulnerability | ||||||
Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
BACK |