Vulnerability Details : CVE-2014-0307
Public exploit exists!
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a certain sequence of manipulations of a TextRange element, aka "Internet Explorer Memory Corruption Vulnerability."
Vulnerability category: OverflowMemory CorruptionExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2014-0307
97.26%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2014-0307
-
MS14-012 Microsoft Internet Explorer TextRange Use-After-Free
Disclosure Date: 2014-03-11First seen: 2020-04-26exploit/windows/browser/ms14_012_textrangeThis module exploits a use-after-free vulnerability found in Internet Explorer. The flaw was most likely introduced in 2013, therefore only certain builds of MSHTML are affected. In our testing with IE9, these vulnerable builds appear to be between 9.0.8112.16496 and
CVSS scores for CVE-2014-0307
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2014-0307
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
-
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0307
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-012
Microsoft Security Bulletin MS14-012 - Critical | Microsoft Docs
-
http://www.exploit-db.com/exploits/32438
Microsoft Internet Explorer - TextRange Use-After-Free (MS14-012) (Metasploit) - Windows remote ExploitExploit
Products affected by CVE-2014-0307
- cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*