Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-1771Microsoft Internet Explorer vulnerability

CWE-3105 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
13.4%
top 5.78%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedJun 11
Latest updateMay 14

Description

SChannel in Microsoft Internet Explorer 6 through 11 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack," aka "TLS Server Certificate Renegotiation Vulnerability."

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDmicrosoft/internet_explorer6 versions+5

🔴Vulnerability Details

1
GHSA
GHSA-x384-p6fm-q24w: SChannel in Microsoft Internet Explorer 6 through 11 does not ensure that a server's X2022-05-14

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free / Memory Corruption (PoC) (MS14-035)2014-07-08

🕵️Threat Intelligence

2
Talos
Microsoft Update Tuesday June 2014: Internet Explorer, Internet Explorer, Internet Explorer2014-06-10
Talos
Microsoft Update Tuesday June 2014: Internet Explorer, Internet Explorer, Internet Explorer2014-06-10
CVE-2014-1771 — Microsoft vulnerability | cvebase