Microsoft Internet Explorer 11 Medium-Integrity Privileges Remote Code Execution And Sandbox Bypass Vulnerability

Published on June 10th, 2014
Summary

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code Vulnerability

Credit:

The information has been provided by ZDI during a Pwn2Own competition.


Details

Vulnerable Systems:
 * Microsoft Windows 8.1

Unspecified vulnerability in Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism via unknown vectors, as demonstrated by ZDI during a Pwn4Fun competition at CanSecWest 2014.

CVE Information:
CVE-2014-1762

Disclosure Timeline:
Original release date: 04/27/2014
Last revised: 04/28/2014

Categories: Reviews
Tags:

Related Posts

Reviews

‘Bypassing Internet Explorer’s XSS Filter’

'Internet Explorer 9 has a security system with well known shortfalls, most notably that it does not attempt to address DOM based XSS or Stored XSS. This security system is built on an arbitrary philosophy which only accounts for the most straight forward of reflective XSS attacks. This paper covers three attack patterns that undermine Internet Explorer's ability to prevent Reflective XSS.'

Reviews

‘Apple OfficeImport Framework Excel Memory Corruption Vulnerability’

'Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user.'

Reviews

‘LittleBlackBox Project: Default SSL Keys in Multiple Routers’

'Many routers that provide an HTTPS administrative interface use default or hard-coded SSL keys that can be recovered by extracting the file system from the device's firmware. The LittleBlackBox project contains a database of over 2,000 (and growing) private SSL keys that are correlated with their respective public certificates, and hardware/firmware versions. While most of these certificates are from DD-WRT firmware, there are also private keys from other vendors including Cisco, Linksys, D-Link and Netgear.'