|
|
|||
| Rule General Information |
|---|
| Release Date: | 2014-12-09 | |
| Rule Name: | Microsoft Internet Explorer ASLR Security Policy Bypass Vulnerability (CVE-2014-6368) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Microsoft Internet Explorer 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site. | |
| Impact: | ASLR is the abbreviation of address space layout randomization, it is a technology to prevent buffer overflow attempt. The ASLR technoloy in the affected product can be bypassed by an attacker, which may occur buffer overflow attacks or arbitrary code execution. | |
| Affected OS: | Windows | |
| Reference: | MicrosoftSecurityBulletin:MS14-080 |
|
| Solutions |
|---|
| Microsoft has released a patch MS14-080 to eliminate the vulnerability. The patch can be downloaded at http://technet.microsoft.com/security/bulletin/MS14-080 |