CVSS: 9.3EPSS: 64%CPEs: 4EXPL: 0CVE-2014-2804
https://notcve.org/view.php?id=CVE-2014-2804
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2789, CVE-2014-2795, and CVE-2014-2798. Microsoft Internet Explorer 8 hasta 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de corrupción de memoria de Internet Explorer,' una vulnerabilidad diferente a CVE-2014-2789, CVE-2014-2795 y CVE-2014-2798. • http://secunia.com/advisories/59775 http://www.securityfocus.com/bid/68386 http://www.securitytracker.com/id/1030532 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 74%CPEs: 3EXPL: 0CVE-2014-2803 – Microsoft Internet Explorer CTreePos Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-2803
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." Microsoft Internet Explorer 8 hasta 10 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de corrupción de memoria de Internet Explorer.' This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CTreePos objects By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. • http://secunia.com/advisories/59775 http://www.securityfocus.com/bid/68385 http://www.securitytracker.com/id/1030532 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 64%CPEs: 6EXPL: 0CVE-2014-2800
https://notcve.org/view.php?id=CVE-2014-2800
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2807 and CVE-2014-2809. Microsoft Internet Explorer 6 hasta 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de corrupción de memoria de Internet Explorer,' una vulnerabilidad diferente a CVE-2014-2807 y CVE-2014-2809. • http://secunia.com/advisories/59775 http://www.securityfocus.com/bid/68382 http://www.securitytracker.com/id/1030532 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 74%CPEs: 6EXPL: 0CVE-2014-2809 – Microsoft Internet Explorer CImgElement Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-2809
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2800 and CVE-2014-2807. Microsoft Internet Explorer 6 hasta 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de corrupción de memoria de Internet Explorer,' una vulnerabilidad diferente a CVE-2014-2800 y CVE-2014-2807. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CImgElement objects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. • http://secunia.com/advisories/59775 http://www.securityfocus.com/bid/68389 http://www.securitytracker.com/id/1030532 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.4EPSS: 1%CPEs: 5EXPL: 0CVE-2014-2783
https://notcve.org/view.php?id=CVE-2014-2783
Microsoft Internet Explorer 7 through 11 does not prevent use of wildcard EV SSL certificates, which might allow remote attackers to spoof a trust level by leveraging improper issuance of a wildcard certificate by a recognized Certification Authority, aka "Extended Validation (EV) Certificate Security Feature Bypass Vulnerability." Microsoft Internet Explorer 7 hasta 11 no previenen el uso de certificados EV SSL comodines, lo que podría permitir a atacantes remotos falsificar un nivel de confianza mediante el aprovechamiento de la emisión indebida de un certificado comodín por una autoridad de certificación reconocida, también conocido como 'vulnerabilidad de evasión de la funcionalidad de la seguridad de certificación de validación extendida (EV).' • http://secunia.com/advisories/59775 http://www.securityfocus.com/bid/68391 http://www.securitytracker.com/id/1030532 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037 • CWE-264: Permissions, Privileges, and Access Controls •