CVE-2014-4138
Published 2014-10-15
Priority: P262 · critical · 9.3 (CVSS 2.0)
CVSS vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 32.24% (98.1th percentile)
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4130 and CVE-2014-4132.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
Detection & IOCs (extracted from sources)
- Detect SVG files delivered via web that invoke designMode + execCommand Copy/Paste sequence in JavaScript, which triggers the CPasteCommand::ConvertBitmaptoPng heap overflow in MSHTML on IE11.
- The vulnerable code path allocates memory using uBitmapSize but reads *puPngImageSize bytes into it; monitor for heap corruption in MSHTML when PNG output is larger than BMP input during clipboard paste operations.
- Flag web pages that programmatically invoke document.designMode='on' combined with execCommand Copy and Paste calls, as this is the trigger mechanism for CVE-2014-4138 exploitation.
- Look for the assembly address sequence at 6f3818fd (MSHTML) and the vulnerable allocation call at 6f38199d (TSmartArray::New with uBitmapSize) as crash/exploit indicators in IE11 memory dumps.
- The assembly addresses (e.g., 6f3818fd, 6f38199d) are specific to the MSHTML.dll version analyzed and may differ across patch levels or system configurations.
- The exploit requires scripting to be enabled in the browser zone; disabling scripts prevents the programmatic copy/paste trigger, though social engineering via keyboard shortcuts remains a residual risk.
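A static check for the trigger sequence in the bullets above, as an added example that is not part of the original page: it flags a response body whose inline script sets designMode to 'on' and calls execCommand with both Copy and Paste. The function name `scan` and the sample documents are constructed for illustration.

```python
import re

# Heuristic patterns for the trigger sequence named in the bullets above.
DESIGN_MODE = re.compile(r"designMode\s*=\s*['\"]on['\"]", re.I)
EXEC_CMD = re.compile(r"execCommand\s*\(\s*['\"](\w+)['\"]", re.I)
SCRIPT = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)
SVG_ROOT = re.compile(r"<svg\b", re.I)


def scan(body: str) -> dict:
    """Report which trigger elements appear in the scripts of one response body."""
    # A bare .js response has no <script> tag, so fall back to the whole body.
    scripts = SCRIPT.findall(body) or [body]
    code = "\n".join(scripts)
    commands = {name.lower() for name in EXEC_CMD.findall(code)}
    design = bool(DESIGN_MODE.search(code))
    return {
        "is_svg": bool(SVG_ROOT.search(body)),
        "design_mode_on": design,
        "commands": sorted(commands),
        # Flag only when all three elements are present together.
        "flag": design and {"copy", "paste"} <= commands,
    }


# Constructed sample bodies (not captured traffic).
SAMPLES = {
    "svg_copy_paste": """<svg xmlns="http://www.w3.org/2000/svg"><script><![CDATA[
        document.designMode = "on";
        document.execCommand("Copy");
        document.execCommand("Paste");
    ]]></script></svg>""",
    "rich_text_editor": """<html><script>
        document.designMode = 'on';
        document.execCommand('bold', false, null);
    </script></html>""",
    "copy_button": """<html><script>
        btn.onclick = function () { document.execCommand('copy'); };
    </script></html>""",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, scan(body))
```

This is a string-level heuristic: script that builds the property or command names dynamically will not match, so treat a miss as inconclusive rather than clean.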
GHSA
GHSA-wh5r-m2hg-jcv2 · CVE-2014-4132 [CRITICAL] CWE-20
ghsa_unreviewed · 2022-05-14 · CVSS 9.3
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4130 and CVE-2014-4138.
GHSA
GHSA-4cr4-j8fx-567m · CVE-2014-4130 [CRITICAL] CWE-20
ghsa_unreviewed · 2022-05-14 · CVSS 9.3
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4132 and CVE-2014-4138.
GHSA
GHSA-jrf9-mm8v-9gp9 · CVE-2014-4138 [CRITICAL] CWE-20
ghsa_unreviewed · 2022-05-14 · CVSS 9.3
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4130 and CVE-2014-4132.
No detection rules found.
- http://blog.skylined.nl/20161221001.html
- http://packetstormsecurity.com/files/140258/Microsoft-Internet-Explorer-11-MSHTML-CPasteCommand-ConvertBitmaptoPng-Buffer-Overflow.html
- http://secunia.com/advisories/60968
- http://www.securityfocus.com/bid/70340
- http://www.securitytracker.com/id/1031018
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-056
- https://www.exploit-db.com/exploits/40960/