CVE-2014-1764
published 2014-04-27CVE-2014-1764: Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "object…
PriorityP267critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
37.12%
98.3th percentile
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "object confusion" in a broker process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Microsoft Internet Explorer up to 11 access control (MS14-035 / EDB-33860)
vuldb·2026-05-12·CVSS 10.0
CVE-2014-1764 [CRITICAL] Microsoft Internet Explorer up to 11 access control (MS14-035 / EDB-33860)
A vulnerability has been found in Microsoft Internet Explorer 7/8/9/10/11 and classified as critical. Affected is an unknown function. Performing a manipulation results in improper access controls.
This vulnerability is known as CVE-2014-1764. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
Applying a patch is the recommended action to fix this issue.
GHSA
GHSA-93x2-gx5j-v5g5: Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "ob
ghsa_unreviewed·2022-05-14
CVE-2014-1764 [HIGH] GHSA-93x2-gx5j-v5g5: Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "ob
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "object confusion" in a broker process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.
No detection rules found.
http://twitter.com/thezdi/statuses/443855973673754624http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/http://www.securityfocus.com/archive/1/532798/100/0/threadedhttp://www.securityfocus.com/bid/67295http://www.securitytracker.com/id/1030370https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035http://twitter.com/thezdi/statuses/443855973673754624http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/http://www.securityfocus.com/archive/1/532798/100/0/threadedhttp://www.securityfocus.com/bid/67295http://www.securitytracker.com/id/1030370https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035
2014-04-27
Published