Vulnerability Summary
*******************
Title Microsoft Internet Explorer CMarkup Use-After-Free
Release Date 6 October 2014
Reference NGS00704
Discoverer Edward Torkington
Vendor Microsoft
Vendor Reference 19160
Systems Affected IE6-11
CVE Reference CVE-2014-1799
Risk High
Status Fixed
Resolution Timeline
****************
Discovered 22 May 2014
Reported 22 May 2014
Released 22 May 2014
Fixed 22 June 2014
Published 6 October 2014
(The time between the bug being fixed and this advisory published was due to
discussions and confirmation with MSRC about the root cause of the bug)
Vulnerability Description
********************
Microsoft Internet Explorer was found to be vulnerable to a memory
corruption vulnerability which could be triggered via the viewing of a
particular web page. Viewing of the page may allow an attacker to execute
arbitrary code with privileges of the Internet Explorer process.
Technical Details
**************
The vulnerability exists within the management of CMarkup objects.
Manipulating the document’s elements can force the use of a dangling
pointer after it has been freed. An attacker could influence the use of
this pointer (Use-After-Free) to ultimately execute code under the context
of the current process. Versions 6-11 of Microsoft Internet Explorer were
found to be affected by this vulnerability.
Fix Information
*************
Microsoft confirmed that this vulnerability shared a common root cause with
other issues and was addressed as part of security update MS14-035.
https://technet.microsoft.com/library/security/ms14-035
NCC Group
**********
Research https://www.nccgroup.com/research
Twitter https://www.twitter.com/NCCGroupInfoSec / @NCCGroupInfoSec
Open Source https://github.com/nccgroup
Blog https://www.nccgroup.com/en/blog/cyber-security/
SlideShare http://www.slideshare.net/NCC_Group
