CVE-2014-1770

Microsoft Internet Explorer <11 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-1770.

AI-analyzed exploit summary This HTML/JavaScript PoC demonstrates a use-after-free vulnerability in Internet Explorer 9/10 (CVE-2014-1770) by triggering a memory corruption in MSHTML!CInput::DoClick. The exploit manipulates the DOM to free a CFormElement object while still referencing it, leading to arbitrary memory writes.

Description

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function.

Exploits (1)

exploitdb WORKING POC

htmldoswindows_x86

https://www.exploit-db.com/exploits/34010

View Code ZIP pw:eip

This HTML/JavaScript PoC demonstrates a use-after-free vulnerability in Internet Explorer 9/10 (CVE-2014-1770) by triggering a memory corruption in MSHTML!CInput::DoClick. The exploit manipulates the DOM to free a CFormElement object while still referencing it, leading to arbitrary memory writes.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Internet Explorer 9, 10

No auth needed

Prerequisites: Victim must visit a malicious webpage using vulnerable IE version

MITRE ATT&CK