Vulnerability Details : CVE-2014-0307
Public exploit exists!
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a certain sequence of manipulations of a TextRange element, aka "Internet Explorer Memory Corruption Vulnerability."
Vulnerability category: OverflowMemory CorruptionExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2014-0307
Probability of exploitation activity in the next 30 days: 97.32%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2014-0307
-
MS14-012 Microsoft Internet Explorer TextRange Use-After-Free
Disclosure Date: 2014-03-11First seen: 2020-04-26exploit/windows/browser/ms14_012_textrangeThis module exploits a use-after-free vulnerability found in Internet Explorer. The flaw was most likely introduced in 2013, therefore only certain builds of MSHTML are affected. In our testing with IE9, these vulnerable builds appear to be between 9.0.8112.16496 and
CVSS scores for CVE-2014-0307
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2014-0307
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
-
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0307
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-012
Microsoft Security Bulletin MS14-012 - Critical | Microsoft Docs
-
http://www.exploit-db.com/exploits/32438
Microsoft Internet Explorer - TextRange Use-After-Free (MS14-012) (Metasploit) - Windows remote ExploitExploit
Products affected by CVE-2014-0307
- cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*