Understanding and protecting against the vulnerability
defined in CVE-2014-6351
Internet Explorer Memory Corruption Vulnerability
In summary, this vulnerability impacts Microsoft Internet Explorer versions 8 – 11, the common browser used by most PCs by default. When a user connects to a website with code design to exploit this vulnerability, the browser allows:
- – remote attackers to execute arbitrary code or
- – cause a denial of service (memory corruption)
These sites are typically custom designed and obfuscated in order to have people connect to them for some legitimate reason or individuals are enticed to visit them through phishing. A PC must connect to a site with the exploit code in order to be infected. Remember, a legitimate site could be compromised and be running this code as well. Once a user connects to the site, they will be unaware of the exploit and the exploit code does not need to have authentication credentials on the website to compromise the PC.
Correcting this Vulnerability
By selecting these links, you will be leaving SAVANTURE’s website. At the time of publication, we had no concern with the websites which you are being referred.
External Source: NIST