CVE-2014-0286 – Microsoft Internet Explorer CInputElement Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0286
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0275 and CVE-2014-0285. Microsoft Internet Explorer 6 hasta 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como "Internet Explorer Memory Corruption Vulnerability," una vulnerabilidad diferente a CVE-2014-0275 y CVE-2014-0285. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CInputElement objects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. • http://osvdb.org/103184 http://secunia.com/advisories/56796 http://www.securityfocus.com/bid/65385 http://www.securitytracker.com/id/1029741 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010 https://exchange.xforce.ibmcloud.com/vulnerabilities/90776 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-0269 – Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0269
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." Microsoft Internet Explorer 6 hasta 10 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como "Internet Explorer Memory Corruption Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CMarkup objects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. • http://osvdb.org/103169 http://secunia.com/advisories/56796 http://www.securityfocus.com/bid/65363 http://www.securitytracker.com/id/1029741 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010 https://exchange.xforce.ibmcloud.com/vulnerabilities/90760 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-0271
https://notcve.org/view.php?id=CVE-2014-0271
The VBScript engine in Microsoft Internet Explorer 6 through 11, and VBScript 5.6 through 5.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability." El motor VBScript en Microsoft Internet Explorer 6 hasta 11 y VBScript 5.6 hasta 5.8, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como "VBScript Memory Corruption Vulnerability." • http://osvdb.org/103166 http://secunia.com/advisories/56796 http://secunia.com/advisories/56814 http://www.securityfocus.com/bid/65395 http://www.securitytracker.com/id/1029741 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-011 https://exchange.xforce.ibmcloud.com/vulnerabilities/90757 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-0275 – Microsoft Internet Explorer CAreaElement Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0275
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0285 and CVE-2014-0286. Microsoft Internet Explorer 6 hasta 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como "Internet Explorer Memory Corruption Vulnerability," una vulnerabilidad diferente a CVE-2014-0285 y CVE-2014-0286. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CAreaElement objects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. • http://osvdb.org/103174 http://secunia.com/advisories/56796 http://www.securityfocus.com/bid/65373 http://www.securitytracker.com/id/1029741 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010 https://exchange.xforce.ibmcloud.com/vulnerabilities/90765 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-0812
https://notcve.org/view.php?id=CVE-2014-0812
Cross-site scripting (XSS) vulnerability in KENT-WEB Joyful Note 2.8 and earlier, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en KENT-WEB Joyful Note 2.8 y anteriores, cuando se usa Internet Explorer 7 o anterior, permite a atacantes remotos inyectar script Web o HTML a través de vectores no especificados. • http://jvn.jp/en/jp/JVN30718178/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000013 http://osvdb.org/102740 http://www.kent-web.com/bbs/joyful.html http://www.securityfocus.com/bid/65301 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •