CVE-2014-1800

Microsoft Internet Explorer <11 - Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-1800.

AI-analyzed exploit summary This HTML/JavaScript PoC demonstrates a use-after-free vulnerability in Internet Explorer 9/10 (CVE-2014-1800) by manipulating the CFormElement object via event handlers, leading to memory corruption. The exploit triggers the vulnerability by freeing the object and then accessing it, as shown in the disassembly comments.

Description

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

Exploits (1)

exploitdb WORKING POC
htmldoswindows_x86
https://www.exploit-db.com/exploits/34010

This HTML/JavaScript PoC demonstrates a use-after-free vulnerability in Internet Explorer 9/10 (CVE-2014-1800) by manipulating the CFormElement object via event handlers, leading to memory corruption. The exploit triggers the vulnerability by freeing the object and then accessing it, as shown in the disassembly comments.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Internet Explorer 9, 10
No auth needed
Prerequisites: Victim must visit a malicious webpage using Internet Explorer 9 or 10
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/67831
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1030370

Scores

EPSS 0.4610
EPSS Percentile 97.7%

Details

CWE
CWE-119
Status published
Products (4)
microsoft/internet_explorer 8
microsoft/internet_explorer 9
microsoft/internet_explorer 10
microsoft/internet_explorer 11
Published Jun 11, 2014
Tracked Since Feb 18, 2026