CVE-2014-2817
published 2014-08-12CVE-2014-2817: Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege…
PriorityP181high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-06-15
Exploited in the wild
EPSS
26.35%
97.7th percentile
Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
vulncheck8.8HIGH
cisa8.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-2m74-3m4w-28q3: Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privil
ghsa_unreviewed·2022-05-14
CVE-2014-2817 [MEDIUM] GHSA-2m74-3m4w-28q3: Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privil
Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."
VulnCheck
Microsoft Internet Explorer Privilege Escalation Vulnerability
vulncheck·2014·CVSS 8.8
CVE-2014-2817 [HIGH] CWE-264 Microsoft Internet Explorer Privilege Escalation Vulnerability
Microsoft Internet Explorer Privilege Escalation Vulnerability
Microsoft Internet Explorer cotains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site.
Affected: Microsoft Internet Explorer
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-06-15
CISA
Microsoft Internet Explorer Privilege Escalation Vulnerability
cisa·2022-05-25·CVSS 8.8
CVE-2014-2817 [HIGH] CWE-264 Microsoft Internet Explorer Privilege Escalation Vulnerability
Vulnerability: Microsoft Internet Explorer Privilege Escalation Vulnerability
Affected: Microsoft Internet Explorer
Microsoft Internet Explorer cotains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2014-2817
Remediation Due Date: 2022-06-15
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/69092http://www.securitytracker.com/id/1030715https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051http://www.securityfocus.com/bid/69092http://www.securitytracker.com/id/1030715https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-2817
2014-08-12
Published
2022-05-25
Added to CISA KEV
Exploited in the wild