CVSS: 9.3EPSS: 44%CPEs: 12EXPL: 0CVE-2014-1817
https://notcve.org/view.php?id=CVE-2014-1817
11 Jun 2014 — usp10.dll in Uniscribe (aka the Unicode Script Processor) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP1 and SP2, Live Meeting 2007 Console, Lync 2010 and 2013, Lync 2010 Attendee, and Lync Basic 2013 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted EMF+ record in a font file... • http://blogs.technet.com/b/srd/archive/2014/06/10/assessing-risk-for-the-june-2014-security-updates.aspx • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 42%CPEs: 12EXPL: 0CVE-2014-1818
https://notcve.org/view.php?id=CVE-2014-1818
11 Jun 2014 — GDI+ in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP1 and SP2, Live Meeting 2007 Console, Lync 2010 and 2013, Lync 2010 Attendee, and Lync Basic 2013 allows remote attackers to execute arbitrary code via a crafted EMF+ record in an image file, aka "GDI+ Image Parsing Vulnerability." GDI+ en Microsoft Windows Server 2003 SP2, Windows Vista S... • http://blogs.technet.com/b/srd/archive/2014/06/10/assessing-risk-for-the-june-2014-security-updates.aspx • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 3%CPEs: 12EXPL: 0CVE-2014-1807
https://notcve.org/view.php?id=CVE-2014-1807
14 May 2014 — The ShellExecute API in Windows Shell in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly implement file associations, which allows local users to gain privileges via a crafted application, as exploited in the wild in May 2014, aka "Windows Shell File Association Vulnerability." La API ShellExecute en Windows Shell en Microsoft Windows Server 2003 SP2... • http://www.securityfocus.com/bid/67276 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2013-5016
https://notcve.org/view.php?id=CVE-2013-5016
08 May 2014 — Symantec Critical System Protection (SCSP) before 5.2.9, when installed on an unpatched Windows Server 2003 R2 platform, allows remote attackers to bypass policy settings via unspecified vectors. Symantec Critical System Protection (SCSP) anterior a 5.2.9, cuando se instala en una plataforma R2 de Windows Server 2003 sin parches , permite a atacantes remotos evadir configuraciones de política a través de vectores no especificados. • http://www.securityfocus.com/bid/67161 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 76%CPEs: 35EXPL: 1CVE-2014-1776 – Microsoft Internet Explorer Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2014-1776
27 Apr 2014 — Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014. NOTE: this issue originally emphasized VGX.DLL, but Microsoft clarified that "VGX.DLL does not contain the vulnerable code leveraged in this exploit. Disabling VGX.DLL is an exploit-specific workaround that provides an immediat... • http://blogs.technet.com/b/srd/archive/2014/04/30/protection-strategies-for-the-security-advisory-2963983-ie-0day.aspx • CWE-416: Use After Free •
CVSS: 7.3EPSS: 29%CPEs: 14EXPL: 0CVE-2014-0315
https://notcve.org/view.php?id=CVE-2014-0315
08 Apr 2014 — Untrusted search path vulnerability in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse cmd.exe file in the current working directory, as demonstrated by a directory that contains a .bat or .cmd file, aka "Windows File Handling Vulnerability." Vulnerabilidad de ruta de búsqueda en Microsof... • http://blogs.technet.com/b/srd/archive/2014/04/08/ms14-019-fixing-a-binary-hijacking-via-cmd-or-bat-file.aspx • CWE-426: Untrusted Search Path •
CVSS: 7.2EPSS: 0%CPEs: 14EXPL: 0CVE-2014-0300
https://notcve.org/view.php?id=CVE-2014-0300
12 Mar 2014 — win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." win32k.sys en los controladores en modo kernel en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server ... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-015 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 21%CPEs: 11EXPL: 0CVE-2014-0301
https://notcve.org/view.php?id=CVE-2014-0301
12 Mar 2014 — Double free vulnerability in qedit.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via a crafted JPEG image, aka "DirectShow Memory Corruption Vulnerability." Vulnerabilidad de doble liberación en qedit.dll en DirectShow en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, ... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-013 • CWE-415: Double Free •
CVSS: 9.1EPSS: 11%CPEs: 10EXPL: 0CVE-2014-0317
https://notcve.org/view.php?id=CVE-2014-0317
12 Mar 2014 — The Security Account Manager Remote (SAMR) protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine the user-lockout state, which makes it easier for remote attackers to bypass the account lockout policy and obtain access via a brute-force attack, aka "SAMR Security Feature Bypass Vulnerability." La implementación del protocolo Security Account Manager Remote (S... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-016 • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.6EPSS: 1%CPEs: 14EXPL: 0CVE-2014-0323
https://notcve.org/view.php?id=CVE-2014-0323
12 Mar 2014 — win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (system hang) via a crafted application, aka "Win32k Information Disclosure Vulnerability." win32k.sys en los controladores en modo kernel en Microsoft Window... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-015 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •