CVSS: 9.3EPSS: 5%CPEs: 1EXPL: 0CVE-2014-0277
https://notcve.org/view.php?id=CVE-2014-0277
Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0278 and CVE-2014-0279. Microsoft Internet Explorer 8 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como "Internet Explorer Memory Corruption Vulnerability," una vulnerabilidad diferente a CVE-2014-0278 y CVE-2014-0279. • http://marc.info/?l=bugtraq&m=144498216801440&w=2 http://osvdb.org/103176 http://secunia.com/advisories/56796 http://www.securityfocus.com/bid/65376 http://www.securitytracker.com/id/1029741 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010 https://exchange.xforce.ibmcloud.com/vulnerabilities/90767 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 82%CPEs: 1EXPL: 0CVE-2014-0278 – Microsoft Internet Explorer CSS Out-Of-Bounds Indexing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0278
Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0277 and CVE-2014-0279. Microsoft Internet Explorer 8 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como "Internet Explorer Memory Corruption Vulnerability," una vulnerabilidad diferente a CVE-2014-0277 y CVE-2014-0279. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CSS properties objects. The issue lies in the ability to index outside the bounds of an array. • http://osvdb.org/103177 http://secunia.com/advisories/56796 http://www.securityfocus.com/bid/65377 http://www.securitytracker.com/id/1029741 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010 https://exchange.xforce.ibmcloud.com/vulnerabilities/90768 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 1%CPEs: 4EXPL: 0CVE-2014-0268
https://notcve.org/view.php?id=CVE-2014-0268
Microsoft Internet Explorer 8 through 11 does not properly restrict file installation and registry-key creation, which allows remote attackers to bypass the Mandatory Integrity Control protection mechanism via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." Microsoft Internet Explorer 8 hasta 11 no restringe adecuadamente la instalación de archivos y la creación de clave del registro, lo que permite a atacantes remotos evadir el mecanismo de protección Mandatory Integrity Control a través de un sitio web manipulado, también conocido como "Internet Explorer Elevation of Privilege Vulnerability." • http://osvdb.org/103165 http://secunia.com/advisories/56796 http://www.securityfocus.com/bid/65392 http://www.securitytracker.com/id/1029741 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010 https://exchange.xforce.ibmcloud.com/vulnerabilities/90756 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 1%CPEs: 3EXPL: 0CVE-2014-0293
https://notcve.org/view.php?id=CVE-2014-0293
Microsoft Internet Explorer 9 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability." Microsoft Internet Explorer 9 hasta 11 permite a atacantes remotos leer el contenido de (1) un dominio o (2) una zona diferentes a través de un sitio web manipulado, también conocido como "Internet Explorer Cross-domain Information Disclosure Vulnerability." • http://osvdb.org/103167 http://secunia.com/advisories/56796 http://www.securityfocus.com/bid/65394 http://www.securitytracker.com/id/1029741 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010 https://exchange.xforce.ibmcloud.com/vulnerabilities/90758 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-0812
https://notcve.org/view.php?id=CVE-2014-0812
Cross-site scripting (XSS) vulnerability in KENT-WEB Joyful Note 2.8 and earlier, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en KENT-WEB Joyful Note 2.8 y anteriores, cuando se usa Internet Explorer 7 o anterior, permite a atacantes remotos inyectar script Web o HTML a través de vectores no especificados. • http://jvn.jp/en/jp/JVN30718178/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000013 http://osvdb.org/102740 http://www.kent-web.com/bbs/joyful.html http://www.securityfocus.com/bid/65301 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •