CVSS: 9.3EPSS: 79%CPEs: 4EXPL: 0CVE-2014-0312 – Microsoft Internet Explorer CSelectElement Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0312
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0297, CVE-2014-0308, and CVE-2014-0324. Microsoft Internet Explorer 8 hasta 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como "Vulnerabilidad de Corrupción de Memoria en Internet Explorer," una vulnerabilidad diferente a CVE-2014-0297, CVE-2014-0308 y CVE-2014-0324. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CSelectElement objects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-012 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 79%CPEs: 2EXPL: 0CVE-2014-0313 – Microsoft Internet Explorer Heap Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0313
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0321. Microsoft Internet Explorer 10 y 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como "Vulnerabilidad de Corrupción de Memoria en Internet Explorer," una vulnerabilidad diferente a CVE-2014-0321. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of text nodes. The issue lies in the combined usage of unicode characters and CSS properties resulting in writing past the end of an allocated buffer. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-012 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 60%CPEs: 31EXPL: 1CVE-2013-7331 – Microsoft Internet Explorer Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2013-7331
The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014. El control ActiveX Microsoft.XMLDOM en Microsoft Windows 8.1 y anteriores permite a atacantes remotos determinar la existencia de nombres de rutas locales, nombres de rutas compartidas UNC, nombres de host de intranet y direcciones IP de intranet mediante el exámen de códigos erróneos, tal y como se demostró por medio de una URL res:// y explotado activamente en febrero 2014. An information disclosure vulnerability exists in Internet Explorer which allows resources loaded into memory to be queried. This vulnerability could allow an attacker to detect anti-malware applications. • http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html http://www.kb.cert.org/vuls/id/539289 http://www.securitytracker.com/id/1030818 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052 https://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 97%CPEs: 11EXPL: 5CVE-2014-0322 – Microsoft Internet Explorer Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2014-0322
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014. Vulnerabilidad de uso después de liberación en Microsoft Internet Explorer 10 permite a atacantes remotos ejecutar código arbitrario a través de vectores que involucran código JavaScript manipulado, tal y como se explotó activamente en enero y febrero 2014. Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute code. • https://www.exploit-db.com/exploits/32904 https://www.exploit-db.com/exploits/32851 http://community.websense.com/blogs/securitylabs/archive/2014/02/13/msie-0-day-exploit-cve-2014-0322-possibly-targeting-french-aerospace-organization.aspx http://technet.microsoft.com/security/advisory/2934088 http://twitter.com/nanoc0re/statuses/434251658344673281 http://www.exploit-db.com/exploits/32851 http://www.exploit-db.com/exploits/32904 http://www.fireeye.com/blog/technical/cyber-exploits/2014/02/new& • CWE-416: Use After Free •
CVSS: 9.3EPSS: 82%CPEs: 4EXPL: 0CVE-2014-0281 – Microsoft Internet Explorer CTreeNode Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0281
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0287. Microsoft Internet Explorer 8 hasta 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como "Internet Explorer Memory Corruption Vulnerability," una vulnerabilidad diferente a CVE-2014-0287. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CTreeNode objects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. • http://osvdb.org/103180 http://secunia.com/advisories/56796 http://www.securityfocus.com/bid/65381 http://www.securitytracker.com/id/1029741 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010 https://exchange.xforce.ibmcloud.com/vulnerabilities/90773 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •