CVE-2014-4143 – Microsoft Internet Explorer CSecurityContext Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-4143
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6341. Microsoft Internet Explorer 6 hasta 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la corrupción de memoria de Internet Explorer', una vulnerabilidad diferente a CVE-2014-6341. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Internet Explorer manages the lifetime of CSecurityContext objects. By manipulating a document's elements an attacker can force a CSecurityContext object in memory to be reused after it has been freed. • http://www.securitytracker.com/id/1031185 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-065 • CWE-399: Resource Management Errors •
CVE-2014-6340
https://notcve.org/view.php?id=CVE-2014-6340
Microsoft Internet Explorer 6 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability." Microsoft Internet Explorer 6 hasta 11 permite a atacantes remotos leer el contenido de (1) un dominio o (2) una zona diferentes a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la divulgación de información de dominios cruzados de Microsoft Internet Explorer.' • http://www.securityfocus.com/bid/70941 http://www.securitytracker.com/id/1031185 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-065 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-6341 – Microsoft Internet Explorer CStyleSheet::get_parentStyleSheet Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-6341
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4143. Microsoft Internet Explorer 6 hasta 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la corrupción de memoria de Internet Explorer', una vulnerabilidad diferente a CVE-2014-4143. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to the way Internet Explorer tracks the relationship between two CSS stylesheets when one is imported by the other. The imported stylesheet continues to refer to its parent stylesheet even after the parent stylesheet is no longer valid. • http://www.securityfocus.com/bid/70338 http://www.securitytracker.com/id/1031185 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-065 • CWE-399: Resource Management Errors •
CVE-2014-6353
https://notcve.org/view.php?id=CVE-2014-6353
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." Microsoft Internet Explorer 6 hasta 10 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la corrupción de memoria de Internet Explorer.' • http://www.securityfocus.com/bid/70333 http://www.securitytracker.com/id/1031185 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-065 • CWE-399: Resource Management Errors •
CVE-2014-4134
https://notcve.org/view.php?id=CVE-2014-4134
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." Microsoft Internet Explorer 6 hasta 8 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la corrupción de memoria de Internet Explorer.' • http://secunia.com/advisories/60968 http://www.securityfocus.com/bid/70336 http://www.securitytracker.com/id/1031018 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-056 • CWE-20: Improper Input Validation •