CVE-2014-2771

Microsoft Internet Explorer 10 and 11 - Remote Code Execution via Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-2771.

AI-analyzed exploit summary This is a functional proof-of-concept exploit for a use-after-free vulnerability in Internet Explorer 9 and 10. The exploit triggers a memory corruption by manipulating the CFormElement object through JavaScript, leading to potential arbitrary code execution.

Description

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2763, CVE-2014-2764, and CVE-2014-2769.

Exploits (1)

exploitdb WORKING POC
htmldoswindows_x86
https://www.exploit-db.com/exploits/34010

This is a functional proof-of-concept exploit for a use-after-free vulnerability in Internet Explorer 9 and 10. The exploit triggers a memory corruption by manipulating the CFormElement object through JavaScript, leading to potential arbitrary code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Internet Explorer 9, 10
No auth needed
Prerequisites: Victim must visit a malicious webpage using Internet Explorer 9 or 10
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1030370
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/67856

Scores

EPSS 0.4666
EPSS Percentile 97.7%

Details

CWE
CWE-119
Status published
Products (2)
microsoft/internet_explorer 10
microsoft/internet_explorer 11
Published Jun 11, 2014
Tracked Since Feb 18, 2026