CVE-2014-4138

Microsoft Internet Explorer 11 - Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-4138. PoCs published by Skylined.

AI-analyzed exploit summary This exploit leverages an out-of-bounds write vulnerability in Microsoft Internet Explorer 11 during the conversion of a BMP image to PNG format. The provided SVG file triggers the vulnerability by programmatically copying and pasting an image, leading to potential arbitrary code execution.

Description

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4130 and CVE-2014-4132.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Skylined · doswindows

https://www.exploit-db.com/exploits/40960

View Code ZIP pw:eip

This exploit leverages an out-of-bounds write vulnerability in Microsoft Internet Explorer 11 during the conversion of a BMP image to PNG format. The provided SVG file triggers the vulnerability by programmatically copying and pasting an image, leading to potential arbitrary code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Internet Explorer 11.0.9600.16521

No auth needed

Prerequisites: User interaction to open the crafted SVG file · Clipboard access permissions

MITRE ATT&CK