CVSS: 8.8EPSS: 35%CPEs: 28EXPL: 0CVE-2014-4123 – Microsoft Internet Explorer Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2014-4123
Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," as exploited in the wild in October 2014, a different vulnerability than CVE-2014-4124. Microsoft Internet Explorer 7 hasta 11 permite a atacantes remotos ganar privilegios a través de un sitio web manipulado, también conocido como 'la vulnerabilidad de la elevación de privilegios de Internet Explorer,' tal y como fue utilizado activamente en octubre 2014, una vulnerabilidad diferente a CVE-2014-4124. Microsoft Internet Explorer contains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site. • http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx http://secunia.com/advisories/60968 http://www.securityfocus.com/bid/70326 http://www.securitytracker.com/id/1031018 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-056 •
CVSS: 9.3EPSS: 12%CPEs: 6EXPL: 0CVE-2014-4128
https://notcve.org/view.php?id=CVE-2014-4128
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." Microsoft Internet Explorer 6 hasta 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la corrupción de memoria de Internet Explorer.' • http://secunia.com/advisories/60968 http://www.securityfocus.com/bid/70330 http://www.securitytracker.com/id/1031018 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-056 https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1076 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 25%CPEs: 1EXPL: 1CVE-2014-4138 – Microsoft Internet Explorer ConvertBitmaptoPng Heap Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-4138
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4130 and CVE-2014-4132. Microsoft Internet Explorer 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de corrupción de memoria de Internet Explorer,' una vulnerabilidad diferente a CVE-2014-4130 y CVE-2014-4132. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. In addition, the user must allow the web page to access the clipboard when so prompted. The vulnerability relates to how Internet Explorer converts bitmap-format graphics to PNG-format graphics. • https://www.exploit-db.com/exploits/40960 http://blog.skylined.nl/20161221001.html http://packetstormsecurity.com/files/140258/Microsoft-Internet-Explorer-11-MSHTML-CPasteCommand-ConvertBitmaptoPng-Buffer-Overflow.html http://secunia.com/advisories/60968 http://www.securityfocus.com/bid/70340 http://www.securitytracker.com/id/1031018 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-056 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 84%CPEs: 1EXPL: 0CVE-2014-4130 – Microsoft Internet Explorer Title attribute Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-4130
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4132 and CVE-2014-4138. Microsoft Internet Explorer 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la corrupción de memoria de Internet Explorer,' una vulnerabilidad diferente a CVE-2014-4132 y CVE-2014-4138. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of attribute objects for Title elements. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. • http://secunia.com/advisories/60968 http://www.securityfocus.com/bid/70332 http://www.securitytracker.com/id/1031018 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-056 • CWE-20: Improper Input Validation •
CVSS: 7.6EPSS: 2%CPEs: 1EXPL: 0CVE-2014-4145 – Microsoft Internet Explorer CElement::DelMarkupPtr Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-4145
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2810, CVE-2014-2811, CVE-2014-2822, CVE-2014-2823, CVE-2014-4057, and CVE-2014-8985. Microsoft Internet Explorer 11 permite que atacantes remotos ejecuten código arbitrario o provoquen una denegación de servicio (corrupción de memoria) mediante un sitio web manipulado. Esto se conoce como "Internet Explorer Memory Corruption Vulnerability" y es una vulnerabilidad diferente de CVE-2014-2810, CVE-2014-2811, CVE-2014-2822, CVE-2014-2823, CVE-2014-4057 y CVE-2014-8985. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The issue lies in CElement::DelMarkupPtr which expects a CMarkup object at a certain offset. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •