CVE-2014-4123
published 2014-10-15CVE-2014-4123: Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege…
PriorityP181high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-06-15
Exploited in the wild
EPSS
40.29%
98.5th percentile
Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," as exploited in the wild in October 2014, a different vulnerability than CVE-2014-4124.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability was exploited in the wild in October 2014 via a crafted web site targeting Internet Explorer 7 through 11, enabling privilege escalation by remote attackers ↗
- ·The vulnerability is described as 'unspecified' — no technical details, payload signatures, or specific exploitation mechanism are publicly disclosed in these sources, limiting precise detection rule authoring ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
vulncheck8.8HIGH
cisa8.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5xv2-v332-c8c2: Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privil
ghsa_unreviewed·2022-05-14·CVSS 6.8
CVE-2014-4123 [MEDIUM] GHSA-5xv2-v332-c8c2: Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privil
Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," as exploited in the wild in October 2014, a different vulnerability than CVE-2014-4124.
GHSA
GHSA-chx4-j4qm-7gqw: Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privil
ghsa_unreviewed·2022-05-14·CVSS 8.8
CVE-2014-4124 [HIGH] GHSA-chx4-j4qm-7gqw: Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privil
Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-4123.
VulnCheck
Microsoft Internet Explorer Privilege Escalation Vulnerability
vulncheck·2014·CVSS 8.8
CVE-2014-4123 [HIGH] CWE-264 Microsoft Internet Explorer Privilege Escalation Vulnerability
Microsoft Internet Explorer Privilege Escalation Vulnerability
Microsoft Internet Explorer contains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site.
Affected: Microsoft Internet Explorer
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cve.org/CVERecord?id=CVE-2014-4123; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-06-15
CISA
Microsoft Internet Explorer Privilege Escalation Vulnerability
cisa·2022-05-25·CVSS 8.8
CVE-2014-4123 [HIGH] CWE-264 Microsoft Internet Explorer Privilege Escalation Vulnerability
Vulnerability: Microsoft Internet Explorer Privilege Escalation Vulnerability
Affected: Microsoft Internet Explorer
Microsoft Internet Explorer contains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2014-4123
Remediation Due Date: 2022-06-15
No detection rules found.
No public exploits indexed.
http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspxhttp://secunia.com/advisories/60968http://www.securityfocus.com/bid/70326http://www.securitytracker.com/id/1031018https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-056http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspxhttp://secunia.com/advisories/60968http://www.securityfocus.com/bid/70326http://www.securitytracker.com/id/1031018https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-056https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-4123
2014-10-15
Published
2022-05-25
Added to CISA KEV
Exploited in the wild