QwikSec

Security Database

CVE

CWE

Training

CVE-2014-1764

Published: Apr 27, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "object confusion" in a broker process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_SECTRACK

http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/

x_refsource_MISC

20140716 VUPEN Security Research - Microsoft Internet Explorer "Request" Object Confusion Sandbox Bypass (Pwn2Own 2014)

mailing-list

x_refsource_BUGTRAQ

vendor-advisory

x_refsource_MS

http://twitter.com/thezdi/statuses/443855973673754624

x_refsource_MISC

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.