CVE-2014-2772

Microsoft Internet Explorer 11 - Remote Code Execution via Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-2772.

AI-analyzed exploit summary This is a functional proof-of-concept for a use-after-free vulnerability in Internet Explorer 9 and 10, where a freed CFormElement object is accessed, leading to memory corruption. The PoC demonstrates the vulnerability by triggering the issue via JavaScript manipulation of DOM elements.

Description

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-1785, CVE-2014-2753, CVE-2014-2755, CVE-2014-2760, CVE-2014-2761, and CVE-2014-2776.

Exploits (1)

exploitdb WORKING POC
htmldoswindows_x86
https://www.exploit-db.com/exploits/34010

This is a functional proof-of-concept for a use-after-free vulnerability in Internet Explorer 9 and 10, where a freed CFormElement object is accessed, leading to memory corruption. The PoC demonstrates the vulnerability by triggering the issue via JavaScript manipulation of DOM elements.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Internet Explorer 9, 10
No auth needed
Prerequisites: Victim must visit a malicious webpage using Internet Explorer 9 or 10
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1030370
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/67857

Scores

EPSS 0.4666
EPSS Percentile 97.7%

Details

CWE
CWE-119
Status published
Products (1)
microsoft/internet_explorer 11
Published Jun 11, 2014
Tracked Since Feb 18, 2026