CVSS: 10.0EPSS: 96%CPEs: 35EXPL: 1CVE-2014-1776 – Microsoft Internet Explorer Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2014-1776
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014. NOTE: this issue originally emphasized VGX.DLL, but Microsoft clarified that "VGX.DLL does not contain the vulnerable code leveraged in this exploit. Disabling VGX.DLL is an exploit-specific workaround that provides an immediate, effective workaround to help block known attacks." Vulnerabilidad de uso después de liberación de memoria en Microsoft Internet Explorer 6 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de vectores relacionados con la función CMarkup::IsConnectedToPrimaryMarkup, tal como fue explotado activamente en abril de 2014. NOTA: este problema se enfatizó originalmente en VGX.DLL, pero Microsoft aclaró que "VGX.DLL no contiene el código vulnerable aprovechado en esta explotación. • http://blogs.technet.com/b/srd/archive/2014/04/30/protection-strategies-for-the-security-advisory-2963983-ie-0day.aspx http://secunia.com/advisories/57908 http://securitytracker.com/id?1030154 http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html http://www.kb.cert.org/vuls/id/222929 http://www.osvdb.org/106311 http://www.securityfocus.com/bid/67075 http://www.signalsec.com/cve-20 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 84%CPEs: 6EXPL: 1CVE-2014-1762 – (Pwn2Own\Pwn4Fun) Microsoft Internet Explorer localhost Protected Mode Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2014-1762
Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism via unknown vectors, as demonstrated by ZDI during a Pwn4Fun competition at CanSecWest 2014. Vulnerabilidad no especificada en Microsoft Internet Explorer 6 hasta la versión 11 permite a atacantes remotos ejecutar código arbitario con privilegios de integridad media y eludir un mecanismo de protección sandbox a través de vectores desconocidos, según lo demostrado por ZDI durante una competición Pwn4Fun en CanSecWest 2014. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ability to trick the broker into loading a malicious page in a privileged context. The issue lies in the implicit trust of navigating to localhost. • https://www.exploit-db.com/exploits/34010 http://twitter.com/thezdi/statuses/443810610958958592 http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one http://www.securityfocus.com/bid/67511 http://www.securitytracker.com/id/1030370 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035 •
CVSS: 9.3EPSS: 81%CPEs: 5EXPL: 0CVE-2014-1753 – Microsoft Internet Explorer CAttrArray Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1753
Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." Microsoft Internet Explorer 6 hasta 9 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como "Vulnerabilidad de Corrupción de Memoria de Internet Explorer." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CAttrArray objects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-018 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 89%CPEs: 3EXPL: 0CVE-2014-0302
https://notcve.org/view.php?id=CVE-2014-0302
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0303. Microsoft Internet Explorer 6 hasta 8 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como "Vulnerabilidad de Corrupción de Memoria en Internet Explorer," una vulnerabilidad diferente a CVE-2014-0303. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-012 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 81%CPEs: 6EXPL: 0CVE-2014-0299 – Microsoft Internet Explorer Uninitialized Variable Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0299
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0305 and CVE-2014-0311. Microsoft Internet Explorer 6 hasta 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como "Vulnerabilidad de Corrupción de Memoria en Internet Explorer," una vulnerabilidad diferente a CVE-2014-0305 y CVE-2014-0311. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of HTML tables. An uninitialized variable in one of the functions can cause memory corruption. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-012 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •