Sign-up

ID

VAR-201802-0099


CVE

CVE-2014-8985


TITLE

Microsoft Internet Explorer 11 Vulnerabilities in arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2014-008502

DESCRIPTION

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2810, CVE-2014-2811, CVE-2014-2822, CVE-2014-2823, CVE-2014-4057, and CVE-2014-4145. An attacker can exploit this issue to bypass certain security restrictions and gain unauthorized access; this may aid in launching further attacks. The title has been changed to better reflect the vulnerability information

Trust: 1.89

sources: NVD: CVE-2014-8985 // JVNDB: JVNDB-2014-008502 // BID: 70937

AFFECTED PRODUCTS

vendor:microsoftmodel:internet explorerscope:eqversion:11

Trust: 2.7

vendor:microsoftmodel:iisscope:eqversion:8.5

Trust: 0.3

vendor:microsoftmodel:iisscope:eqversion:8.0

Trust: 0.3

sources: BID: 70937 // JVNDB: JVNDB-2014-008502 // CNNVD: CNNVD-201802-242 // NVD: CVE-2014-8985

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8985
value: HIGH

Trust: 1.0

NVD: CVE-2014-8985
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201802-242
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2014-8985
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2014-8985
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2014-008502 // CNNVD: CNNVD-201802-242 // NVD: CVE-2014-8985

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2014-008502 // NVD: CVE-2014-8985

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-242

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201802-242

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-008502

PATCH
title:MS14-051url:https://technet.microsoft.com/en-us/library/security/ms14-051.aspx
Trust: 0.8
title:Assessing risk for the August 2014 security updatesurl:http://blogs.technet.com/b/srd/archive/2014/08/13/assessing-risk-for-the-august-2014-security-updates.aspx
Trust: 0.8
title:MS14-051url:https://technet.microsoft.com/ja-jp/library/security/ms14-051.aspx
Trust: 0.8
title:Microsoft Internet Explorer Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78356
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2014-008502 // 
            
            
            
            CNNVD: CNNVD-201802-242

EXTERNAL IDS
db:NVDid:CVE-2014-8985
Trust: 2.7
db:BIDid:70937
Trust: 1.3
db:JVNDBid:JVNDB-2014-008502
Trust: 0.8
db:CNNVDid:CNNVD-201802-242
Trust: 0.6
sources:
            
            
            BID: 70937 // 
            
            
            
            JVNDB: JVNDB-2014-008502 // 
            
            
            
            CNNVD: CNNVD-201802-242 // 
            
            
            
            NVD: CVE-2014-8985

REFERENCES
url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051
Trust: 1.6
url:http://www.securityfocus.com/bid/70937
Trust: 1.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8985
Trust: 0.8
url:http://www.ipa.go.jp/security/ciadr/vul/20140813-ms.html
Trust: 0.8
url:http://www.jpcert.or.jp/at/2014/at140031.html
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2014-8985
Trust: 0.8
url:http://www.microsoft.com
Trust: 0.3
url:https://technet.microsoft.com/en-us/library/security/ms14-051
Trust: 0.3
url:http://technet.microsoft.com/en-us/security/bulletin/ms14-076
Trust: 0.3
sources:
            
            
            BID: 70937 // 
            
            
            
            JVNDB: JVNDB-2014-008502 // 
            
            
            
            CNNVD: CNNVD-201802-242 // 
            
            
            
            NVD: CVE-2014-8985

CREDITS
Microsoft
Trust: 0.3
sources:
            
            
            BID: 70937

SOURCES
db:BIDid:70937
db:JVNDBid:JVNDB-2014-008502
db:CNNVDid:CNNVD-201802-242
db:NVDid:CVE-2014-8985

LAST UPDATE DATE
2024-11-23T22:18:32.694000+00:00

SOURCES UPDATE DATE
db:BIDid:70937date:2018-02-09T11:00:00
db:JVNDBid:JVNDB-2014-008502date:2018-02-26T00:00:00
db:CNNVDid:CNNVD-201802-242date:2018-02-09T00:00:00
db:NVDid:CVE-2014-8985date:2024-11-21T02:20:01.897

SOURCES RELEASE DATE
db:BIDid:70937date:2014-11-11T00:00:00
db:JVNDBid:JVNDB-2014-008502date:2018-02-26T00:00:00
db:CNNVDid:CNNVD-201802-242date:2018-02-09T00:00:00
db:NVDid:CVE-2014-8985date:2018-02-08T23:29:00.920