Microsoft Internet Explorer CMarkup Use-After-Free

Vulnerability Summary
Title: Microsoft Internet Explorer CMarkup Use-After-Free
Release Date: 6 October 2014
Reference: NGS00704
Discoverer: Edward Torkington
Vendor: Microsoft
Vendor Reference: 19160
Systems Affected: IE6-11
CVE Reference: CVE-2014-1799
Risk: High
Status: Fixed

Resolution Timeline
Discovered: 22 May 2014
Reported: 22 May 2014
Released: 22 May 2014
Fixed: 22 June 2014
Published: 6 October 2014
(The delay between the bug being fixed and this advisory being published was
due to discussions and confirmation with MSRC about the root cause of the bug.)


Vulnerability Description
Microsoft Internet Explorer was found to be vulnerable to a memory
corruption vulnerability which could be triggered by viewing a
particular web page. Viewing the page may allow an attacker to execute
arbitrary code with the privileges of the Internet Explorer process.


Technical Details
The vulnerability exists within the management of CMarkup objects.
Manipulating the document’s elements can force the use of a dangling
pointer after the memory it points to has been freed. An attacker could
influence the use of this pointer (Use-After-Free) to ultimately execute
code in the context of the current process. Versions 6-11 of Microsoft
Internet Explorer were found to be affected by this vulnerability.

Fix Information
Microsoft confirmed that this vulnerability shared a common root cause with
other issues and was addressed as part of security update MS14-035.

