CVSS: 7.5EPSS: 9%CPEs: 4EXPL: 1CVE-2014-2777 – Microsoft Internet Explorer Protected Mode Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2014-2777
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary web script with increased privileges via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-1778. Microsoft Internet Explorer 8 hasta 11 permite a atacantes remotos ejecutar secuencias de comandos web arbitrarias con privilegios incrementados a través de vectores no especificados, también conocido como 'Vulnerabilidad de Elevación de Privilegios de Internet Explorer,' una vulnerabilidad diferente a CVE-2014-1778. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ability to write files to arbitrary locations. The issue lies in the failure to reset state when a user cancels a file save dialog. • https://www.exploit-db.com/exploits/34010 http://www.securityfocus.com/archive/1/532799/100/0/threaded http://www.securityfocus.com/bid/67892 http://www.securitytracker.com/id/1030370 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 82%CPEs: 6EXPL: 1CVE-2014-2757 – Microsoft Internet Explorer CElement Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-2757
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0282, CVE-2014-1775, CVE-2014-1779, CVE-2014-1799, and CVE-2014-1803. Microsoft Internet Explorer 6 hasta 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'Vulnerabilidad de Corrupción de Memoria de Internet Explorer,' una vulnerabilidad diferente a CVE-2014-0282, CVE-2014-1775, CVE-2014-1779, CVE-2014-1799 y CVE-2014-1803. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of CElement objects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. • https://www.exploit-db.com/exploits/34010 http://www.securityfocus.com/bid/67842 http://www.securitytracker.com/id/1030370 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 72%CPEs: 6EXPL: 1CVE-2014-1770 – Microsoft Internet Explorer CMarkup Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1770
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function. Vulnerabilidad de uso después de liberación en Microsoft Internet Explorer 8 permite a atacantes remotos ejecutar código arbitrario a través de código JavaScript manipulado que no interactúa debidamente con una llamada de la función CollectGarbage function en un objeto CMarkup asignado por la función CMarkup::CreateInitialMarkup. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CMarkup objects. The allocation initially happens within CMarkup::CreateInitialMarkup. • https://www.exploit-db.com/exploits/34010 http://www.kb.cert.org/vuls/id/239151 http://www.securityfocus.com/bid/67544 http://www.securitytracker.com/id/1030266 http://zerodayinitiative.com/advisories/ZDI-14-140 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035 https://www.corelan.be/index.php/2014/05/22/on-cve-2014-1770-zdi-14-140-internet-explorer-8-0day • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 96%CPEs: 6EXPL: 1CVE-2014-1815 – Microsoft Internet Explorer - Memory Corruption (PoC) (MS14-029)
https://notcve.org/view.php?id=CVE-2014-1815
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as exploited in the wild in May 2014, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0310. Microsoft Internet Explorer 6 hasta 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, tal y como fue demostrado activamente en mayo 2014, también conocido como 'vulnerabilidad de corrupción de memoria de Internet Explorer,' una vulnerabilidad diferente a CVE-2014-0310. • https://www.exploit-db.com/exploits/34458 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-029 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 81%CPEs: 6EXPL: 0CVE-2014-0310 – Microsoft Internet Explorer Attribute Double Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0310
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1815. Microsoft Internet Explorer 6 hasta 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de corrupción de memoria de Internet Explorer,' una vulnerabilidad diferente a CVE-2014-1815. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of an element's attributes. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-029 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •