| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.6 | $25k-$100k | 0.00 |
A vulnerability was found in Microsoft Internet Explorer (Web Browser) (version now known). It has been rated as critical. Affected by this issue is some unknown processing of the component CSS. The manipulation of the argument display:run-in with an unknown input leads to a use after free vulnerability. Using CWE to declare the problem leads to CWE-416. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. Impacted is confidentiality, integrity, and availability.
The weakness was shared 12/04/2014 by Arthur Gerkis as ZDI-14-403 as not defined advisory (ZDI). The advisory is available at zerodayinitiative.com. This vulnerability is handled as CVE-2014-8967 since 11/18/2014. The attack may be launched remotely. No form of authentication is required for exploitation. Successful exploitation requires user interaction by the victim. Technical details are known, but there is no available exploit. The structure of the vulnerability defines a possible price range of USD $25k-$100k at the moment (estimation calculated on 02/27/2022). It is expected to see the exploit prices for this product decreasing in the near future. The advisory points out:
The vulnerability relates to how Internet Explorer uses reference counting to manage the lifetimes of the in-memory objects representing HTML elements (CElement objects). By applying a CSS style of display:run-in to a page and performing particular manipulations, an attacker can cause an object's reference count to fall to zero prematurely, causing the object to be freed. Internet Explorer will then continue using this object after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process.
The vulnerability was handled as a non-public zero-day exploit for at least 273 days. During that time the estimated underground price was around $25k-$100k. The vulnerability scanner Nessus provides a plugin with the ID 81262 (MS15-009: Security Update for Internet Explorer (3034682)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows : Microsoft Bulletins. The commercial vulnerability scanner Qualys is able to test this issue with plugin 100220 (Microsoft Internet Explorer Cumulative Security Update (MS15-009)).
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 16284.
The vulnerability is also documented in the databases at X-Force (99169), Tenable (81262), SecurityFocus (BID 71483†) and Vulnerability Center (SBV-47631†). The entries VDB-69108, VDB-69109, VDB-69110 and VDB-69111 are related to this item. If you want to get best quality of vulnerability data, you may have to visit VulDB.
Product
Type
Vendor
Name
License
Support
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.3VulDB Meta Temp Score: 5.6
VulDB Base Score: 6.3
VulDB Temp Score: 5.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Use after freeCWE: CWE-416 / CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Yes
Availability: 🔍
Status: Unproven
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Nessus ID: 81262
Nessus Name: MS15-009: Security Update for Internet Explorer (3034682)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
0-Day Time: 🔍
TippingPoint: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
ISS Proventia IPS: 🔍
Fortigate IPS: 🔍
Timeline
03/06/2014 🔍11/18/2014 🔍
12/04/2014 🔍
12/04/2014 🔍
12/04/2014 🔍
12/08/2014 🔍
12/15/2014 🔍
12/16/2014 🔍
06/05/2015 🔍
02/27/2022 🔍
Sources
Vendor: microsoft.comAdvisory: ZDI-14-403
Researcher: Arthur Gerkis
Status: Not defined
CVE: CVE-2014-8967 (🔍)
GCVE (CVE): GCVE-0-2014-8967
GCVE (VulDB): GCVE-100-68354
OVAL: 🔍
X-Force: 99169 - Microsoft Internet Explorer run-in code execution, High Risk
SecurityFocus: 71483 - Microsoft Internet Explorer CVE-2014-8967 Use After Free Remote Code Execution Vulnerability
Vulnerability Center: 47631 - [MS15-009] Microsoft Internet Explorer Use After Free Remote Code Execution Vulnerability - CVE-2014-8967, Critical
See also: 🔍
Entry
Created: 12/08/2014 10:44 AMUpdated: 02/27/2022 04:35 PM
Changes: 12/08/2014 10:44 AM (71), 04/07/2017 12:12 PM (10), 02/27/2022 04:27 PM (2), 02/27/2022 04:35 PM (1)
Complete: 🔍
Cache ID: 18:030:40
No comments yet. Languages: en.
Please log in to comment.