|CVSS SCORE||7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)|
Internet Explorer Mobile
|TIPPINGPOINT™ IPS CUSTOMER PROTECTION||TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 17037. For further product information on the TippingPoint IPS: http://www.tippingpoint.com|
The vulnerability relates to how Internet Explorer processes arrays representing cells in HTML tables. By manipulating a document's elements an attacker can force a Internet Explorer to use memory past the end of an array of HTML cells. An attacker can leverage this vulnerability to execute code under the context of the current process.
11/12/2014 - ZDI disclosed the case to the vendor at Mobile Pwn2Own
- Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone