Vulnerabilities > CVE-2014-6344 - Resource Management Errors vulnerability in Microsoft Internet Explorer 8/9

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
microsoft
CWE-399
critical
nessus

Summary

Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

Vulnerable Configurations

Part Description Count
Application
Microsoft
2

Common Weakness Enumeration (CWE)

Msbulletin

bulletin_idMS14-065
bulletin_url
date2014-11-11T00:00:00
impactRemote Code Execution
knowledgebase_id3003057
knowledgebase_url
severityCritical
titleCumulative Security Update for Internet Explorer

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS14-065.NASL
descriptionThe version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3003057. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An attacker can exploit these by convincing a user to visit a specially crafted web page.
last seen2020-06-01
modified2020-06-02
plugin id79126
published2014-11-12
reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/79126
titleMS14-065: Cumulative Security Update for Internet Explorer (3003057)