Vulnerability Details: CVE-2014-4138
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4130 and CVE-2014-4132.
Vulnerability category: Memory Corruption, Input validation, Execute code, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2014-4138
Probability of exploitation activity in the next 30 days: 18.02%
Percentile, the proportion of vulnerabilities that are scored at or less: ~95%
CVSS scores for CVE-2014-4138
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST |
CWE ids for CVE-2014-4138
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-4138
- http://www.securityfocus.com/bid/70340
  Microsoft Internet Explorer CVE-2014-4138 Remote Memory Corruption Vulnerability
- https://www.exploit-db.com/exploits/40960/
  Microsoft Internet Explorer 11 - MSHTML CPasteCommand::ConvertBitmaptoPng Heap Buffer Overflow (MS14-056) - Windows dos Exploit
- http://blog.skylined.nl/20161221001.html
  MSIE 11 MSHTML CPasteCommand::ConvertBitmaptoPng heap-based buffer overflow
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-056
  Microsoft Security Bulletin MS14-056 - Critical | Microsoft Docs
- http://www.securitytracker.com/id/1031018
  Microsoft Internet Explorer Multiple Flaws Let Remote Users Execute Arbitrary Code and Bypass the ASLR Security Feature - SecurityTracker
- http://packetstormsecurity.com/files/140258/Microsoft-Internet-Explorer-11-MSHTML-CPasteCommand-ConvertBitmaptoPng-Buffer-Overflow.html
  Microsoft Internet Explorer 11 MSHTML CPasteCommand::ConvertBitmaptoPng Buffer Overflow ≈ Packet Storm
Products affected by CVE-2014-4138
- cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*