Page 28 of 368 results (0.009 seconds)

CVSS: 9.3EPSS: 76%CPEs: 6EXPL: 1

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0282, CVE-2014-1775, CVE-2014-1799, CVE-2014-1803, and CVE-2014-2757. Microsoft Internet Explorer 6 hasta 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de corrupción de memoria de Internet Explorer,' una vulnerabilidad diferente a CVE-2014-0282, CVE-2014-1775, CVE-2014-1799, CVE-2014-1803 y CVE-2014-2757. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CElement objects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. • https://www.exploit-db.com/exploits/34010 http://www.securityfocus.com/bid/67872 http://www.securitytracker.com/id/1030370 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 72%CPEs: 6EXPL: 1

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function. Vulnerabilidad de uso después de liberación en Microsoft Internet Explorer 8 permite a atacantes remotos ejecutar código arbitrario a través de código JavaScript manipulado que no interactúa debidamente con una llamada de la función CollectGarbage function en un objeto CMarkup asignado por la función CMarkup::CreateInitialMarkup. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CMarkup objects. The allocation initially happens within CMarkup::CreateInitialMarkup. • https://www.exploit-db.com/exploits/34010 http://www.kb.cert.org/vuls/id/239151 http://www.securityfocus.com/bid/67544 http://www.securitytracker.com/id/1030266 http://zerodayinitiative.com/advisories/ZDI-14-140 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035 https://www.corelan.be/index.php/2014/05/22/on-cve-2014-1770-zdi-14-140-internet-explorer-8-0day • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 96%CPEs: 6EXPL: 1

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as exploited in the wild in May 2014, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0310. Microsoft Internet Explorer 6 hasta 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, tal y como fue demostrado activamente en mayo 2014, también conocido como 'vulnerabilidad de corrupción de memoria de Internet Explorer,' una vulnerabilidad diferente a CVE-2014-0310. • https://www.exploit-db.com/exploits/34458 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-029 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 79%CPEs: 6EXPL: 0

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1815. Microsoft Internet Explorer 6 hasta 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de corrupción de memoria de Internet Explorer,' una vulnerabilidad diferente a CVE-2014-1815. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of an element's attributes. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-029 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 39%CPEs: 5EXPL: 1

Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "object confusion" in a broker process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014. Microsoft Internet Explorer 7 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario y eludir un mecanismo de protección sandbox aprovechando "confusión de objeto" en un proceso broker, según lo demostrado por VUPEN durante una competición Pwn2Own en CanSecWest 2014. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of data shared to the broker by the sandboxed process. The issue lies in the failure to validate an object's type. • https://www.exploit-db.com/exploits/34010 http://twitter.com/thezdi/statuses/443855973673754624 http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one http://www.securityfocus.com/archive/1/532798/100/0/threaded http://www.securityfocus.com/bid/67295 http://www.securitytracker.com/id/1030370 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035 • CWE-264: Permissions, Privileges, and Access Controls •