vendor:
Internet Explorer
by:
Drozdova Liudmila, ITDefensor Vulnerability Research Team
7.5
CVSS
HIGH
Use-after-free
416
CWE
Product Name: Internet Explorer
Affected Version From: Internet Explorer 8
Affected Version To: Internet Explorer 10
Patch Exists: YES
Related CWE: Unknown
CPE: a:microsoft:internet_explorer:8
Platforms Tested: Windows 7 SP1 x86 with IE 7, 8, 9, 10
2014
MS14-035 Internet Explorer CInput Use-after-free POC
This exploit targets a use-after-free vulnerability in Internet Explorer. It causes a crash when accessing a freed CInput element in the DoReset function of the mshtml module. The vulnerability allows an attacker to execute arbitrary code on a target system.
Mitigation:
Apply the relevant security patch provided by Microsoft.