CVSS: 9.3EPSS: 82%CPEs: 3EXPL: 0CVE-2014-0274 – Microsoft Internet Explorer CDomRange Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0274
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0270, CVE-2014-0273, and CVE-2014-0288. Microsoft Internet Explorer 9 hasta 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como "Internet Explorer Memory Corruption Vulnerability," una vulnerabilidad diferente a CVE-2014-0270, CVE-2014-0273 y CVE-2014-0288. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CDomRange objects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. • http://osvdb.org/103173 http://secunia.com/advisories/56796 http://www.securityfocus.com/bid/65372 http://www.securitytracker.com/id/1029741 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010 https://exchange.xforce.ibmcloud.com/vulnerabilities/90764 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 82%CPEs: 6EXPL: 0CVE-2014-0275 – Microsoft Internet Explorer CAreaElement Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0275
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0285 and CVE-2014-0286. Microsoft Internet Explorer 6 hasta 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como "Internet Explorer Memory Corruption Vulnerability," una vulnerabilidad diferente a CVE-2014-0285 y CVE-2014-0286. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CAreaElement objects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. • http://osvdb.org/103174 http://secunia.com/advisories/56796 http://www.securityfocus.com/bid/65373 http://www.securitytracker.com/id/1029741 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010 https://exchange.xforce.ibmcloud.com/vulnerabilities/90765 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 1%CPEs: 4EXPL: 0CVE-2014-0268
https://notcve.org/view.php?id=CVE-2014-0268
Microsoft Internet Explorer 8 through 11 does not properly restrict file installation and registry-key creation, which allows remote attackers to bypass the Mandatory Integrity Control protection mechanism via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." Microsoft Internet Explorer 8 hasta 11 no restringe adecuadamente la instalación de archivos y la creación de clave del registro, lo que permite a atacantes remotos evadir el mecanismo de protección Mandatory Integrity Control a través de un sitio web manipulado, también conocido como "Internet Explorer Elevation of Privilege Vulnerability." • http://osvdb.org/103165 http://secunia.com/advisories/56796 http://www.securityfocus.com/bid/65392 http://www.securitytracker.com/id/1029741 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010 https://exchange.xforce.ibmcloud.com/vulnerabilities/90756 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 1%CPEs: 3EXPL: 0CVE-2014-0293
https://notcve.org/view.php?id=CVE-2014-0293
Microsoft Internet Explorer 9 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability." Microsoft Internet Explorer 9 hasta 11 permite a atacantes remotos leer el contenido de (1) un dominio o (2) una zona diferentes a través de un sitio web manipulado, también conocido como "Internet Explorer Cross-domain Information Disclosure Vulnerability." • http://osvdb.org/103167 http://secunia.com/advisories/56796 http://www.securityfocus.com/bid/65394 http://www.securitytracker.com/id/1029741 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010 https://exchange.xforce.ibmcloud.com/vulnerabilities/90758 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 3CVE-2013-5045 – Microsoft Registry Symlink - IE Sandbox Escape (MS13-097)
https://notcve.org/view.php?id=CVE-2013-5045
Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerability." Microsoft Internet Explorer 10 y 11 permite a usuarios locales evadir el mecanismo de modo protegido, y consecuentemente obtener privilegios mediante el aprovechamiento de la capacidad de ejecutar código en una sandbox, también conocido como "Vulnerabilidad de elevación de privilegios en Internet Explorer". • https://www.exploit-db.com/exploits/33893 http://packetstormsecurity.com/files/127245/MS13-097-Registry-Symlink-IE-Sandbox-Escape.html http://www.exploit-db.com/exploits/33893 http://www.osvdb.org/100757 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-097 https://github.com/tyranid/IE11SandboxEscapes • CWE-20: Improper Input Validation •