CVE-2014-6350
published 2014-11-11CVE-2014-6350: Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege…
PriorityP430medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
20.56%
97.2th percentile
Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-6349.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-x5wf-rqc7-v8cv: Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege
ghsa_unreviewed·2022-05-14·CVSS 4.3
CVE-2014-6350 [MEDIUM] GHSA-x5wf-rqc7-v8cv: Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege
Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-6349.
GHSA
GHSA-qf7r-rxmh-rxjm: Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege
ghsa_unreviewed·2022-05-14·CVSS 4.3
CVE-2014-6349 [MEDIUM] GHSA-qf7r-rxmh-rxjm: Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege
Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-6350.
Project0
Internet Explorer EPM Sandbox Escape CVE-2014-6350 - Project Zero
project_zero·2014-12-01·CVSS 4.3
CVE-2014-6350 [MEDIUM] Internet Explorer EPM Sandbox Escape CVE-2014-6350 - Project Zero
Posted by James Forshaw
This month Microsoft fixed 3 different Internet Explorer Enhanced Protected Mode (EPM) sandbox escapes which I disclosed in August. Sandboxes are one of the main areas of interest for Project Zero (and me in particular) as they are choke points for an attacker successfully exploiting a remote code execution vulnerability.
All three bugs are fixed in MS14-065, you can read the original reports here, here and here. CVE-2014-6350 is perhaps the most interesting of the bunch, not because the bug is particularly special but the technique to exploit it to get code execution out of the sandbox is unusual. It demonstrates a potential attack against DCOM hosts if there’s an accompanying memory disclosure vulnerability. This blog post is going to go into a bit more detail
No detection rules found.
No public exploits indexed.
http://www.securityfocus.com/bid/70940http://www.securitytracker.com/id/1031185https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-065http://www.securityfocus.com/bid/70940http://www.securitytracker.com/id/1031185https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-065
2014-11-11
Published