Think you have a false positive on this rule?

Sid 1-49988

Message

BROWSER-IE Microsoft Internet Explorer cdomuievent use after free attempt

Summary

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2774, CVE-2014-2826, CVE-2014-2827, and CVE-2014-4063.

Impact

CVSS base score 9.3 CVSS impact score 10.0 CVSS exploitability score 8.6 confidentialityImpact COMPLETE integrityImpact COMPLETE availabilityImpact COMPLETE

CVE-2014-2820:

CVSS base score 9.3

CVSS impact score 10.0

CVSS exploitability score 8.6

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Detailed information

CVE-2014-2820: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2774, CVE-2014-2826, CVE-2014-2827, and CVE-2014-4063.

Affected systems

  • microsoft internet_explorer 6
  • microsoft internet_explorer 7
  • microsoft internet_explorer 8
  • microsoft internet_explorer 9
  • microsoft internet_explorer 10
  • microsoft internet_explorer 11

Ease of attack

CVE-2014-2820:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

False positives

None known

False negatives

None known

Corrective action

Contributors

  • Talos research team.
  • This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.
  • For more information see nvd.

Additional References

  • cwe.mitre.org/data/definitions/416.html
  • osvdb.org/show/osvdb/109951
  • technet.microsoft.com/en-us/security/bulletin/MS14-051