CVE-2014-1770

ENISA EUVD: EUVD-2014-1844 ↗

✓ Confirmed 0-Day

Triaged: March 20, 2026 3 articles Published: 2014-05-22

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗

EPSS Score

Source: FIRST.org · 2026-05-24

43.74%

probability

This CVE has a 43.74% probability of being exploited in the next 30 days.

0% Top 97.6th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Description

VulnerabilityLookup (CNA)

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function.

Affected Products

n/a

Attack Intelligence

CWE-399

Exploits & PoC

http://zerodayinitiative.com/advisories/ZDI-14-140/

x_refsource_MISC

http://www.securitytracker.com/id/1030266

vdb-entry x_refsource_SECTRACK

http://www.kb.cert.org/vuls/id/239151

third-party-advisory x_refsource_CERT-VN

https://www.corelan.be/index.php/2014/05/22/on-cve-2014-1770-zdi-14-140-internet-explorer-8-0day/

x_refsource_MISC

http://www.securityfocus.com/bid/67544

vdb-entry x_refsource_BID

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035

vendor-advisory x_refsource_MS

Signal Intelligence

Confidenceⓘ

85%

EPSS 43.74%

Mentions 3

CNA Information

CNA Assigner

microsoft

Analyst Note

CVE-2014-1770 is explicitly named as a zero-day Internet Explorer vulnerability discovered in October 2013 and publicly disclosed in June 2014. Article [3] confirms it was hidden/undisclosed for months before public disclosure, meeting the core zero-day criterion of exploitation/discovery preceding patch availability.

Triage Info

Decided atMar 20, 2026

Published DateMay 22, 2014