CVSS: 9.3EPSS: 57%CPEs: 6EXPL: 0CVE-2014-2807
https://notcve.org/view.php?id=CVE-2014-2807
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2800 and CVE-2014-2809. Microsoft Internet Explorer 6 hasta 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de corrupción de memoria de Internet Explorer,' una vulnerabilidad diferente a CVE-2014-2800 y CVE-2014-2809. • http://secunia.com/advisories/59775 http://www.securityfocus.com/bid/68388 http://www.securitytracker.com/id/1030532 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 69%CPEs: 6EXPL: 0CVE-2014-2809 – Microsoft Internet Explorer CImgElement Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-2809
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2800 and CVE-2014-2807. Microsoft Internet Explorer 6 hasta 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de corrupción de memoria de Internet Explorer,' una vulnerabilidad diferente a CVE-2014-2800 y CVE-2014-2807. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CImgElement objects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. • http://secunia.com/advisories/59775 http://www.securityfocus.com/bid/68389 http://www.securitytracker.com/id/1030532 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 57%CPEs: 3EXPL: 0CVE-2014-2797
https://notcve.org/view.php?id=CVE-2014-2797
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." Microsoft Internet Explorer 6 hasta 8 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de corrupción de memoria de Internet Explorer.' • http://secunia.com/advisories/59775 http://www.securityfocus.com/bid/68380 http://www.securitytracker.com/id/1030532 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.4EPSS: 1%CPEs: 5EXPL: 0CVE-2014-2783
https://notcve.org/view.php?id=CVE-2014-2783
Microsoft Internet Explorer 7 through 11 does not prevent use of wildcard EV SSL certificates, which might allow remote attackers to spoof a trust level by leveraging improper issuance of a wildcard certificate by a recognized Certification Authority, aka "Extended Validation (EV) Certificate Security Feature Bypass Vulnerability." Microsoft Internet Explorer 7 hasta 11 no previenen el uso de certificados EV SSL comodines, lo que podría permitir a atacantes remotos falsificar un nivel de confianza mediante el aprovechamiento de la emisión indebida de un certificado comodín por una autoridad de certificación reconocida, también conocido como 'vulnerabilidad de evasión de la funcionalidad de la seguridad de certificación de validación extendida (EV).' • http://secunia.com/advisories/59775 http://www.securityfocus.com/bid/68391 http://www.securitytracker.com/id/1030532 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 1CVE-2014-1771 – Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free / Memory Corruption (PoC) (MS14-035)
https://notcve.org/view.php?id=CVE-2014-1771
SChannel in Microsoft Internet Explorer 6 through 11 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack," aka "TLS Server Certificate Renegotiation Vulnerability." SChannel en Microsoft Internet Explorer 6 hasta 11 no asegura que el certificado X.509 de un servidor sea el mismo durante la renegociación que era antes de la renegociación, lo que permite a atacantes man-in-the-middle obtener información sensible o modificar datos de la sesión TLS a través de un 'ataque de negociación triple,' también conocido como 'Vulnerabilidad de Renegociación del Certificado del Servidor TLS.' • https://www.exploit-db.com/exploits/34010 http://www.securityfocus.com/bid/67861 http://www.securitytracker.com/id/1030370 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035 https://secure-resumption.com • CWE-310: Cryptographic Issues •