CVSS: 10.0EPSS: 97%CPEs: 20EXPL: 2CVE-2015-0311 – Adobe Flash Player Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0311
Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015. Vulnerabilidad no especificada en Adobe Flash Player hasta 13.0.0.262 y 14.x, 15.x, y 16.x hasta 16.0.0.287 en Windows y OS X y hasta 11.2.202.438 en Linux permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos, tal y como fue utilizado activamente en enero del 2015. Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code. • https://www.exploit-db.com/exploits/36360 https://github.com/jr64/CVE-2015-0311 http://helpx.adobe.com/security/products/flash-player/apsa15-01.html http://helpx.adobe.com/security/products/flash-player/apsb15-03.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00031.html http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html http://secunia.com/advisories/62432 http: •
CVSS: 8.8EPSS: 35%CPEs: 28EXPL: 0CVE-2014-4123 – Microsoft Internet Explorer Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2014-4123
Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," as exploited in the wild in October 2014, a different vulnerability than CVE-2014-4124. Microsoft Internet Explorer 7 hasta 11 permite a atacantes remotos ganar privilegios a través de un sitio web manipulado, también conocido como 'la vulnerabilidad de la elevación de privilegios de Internet Explorer,' tal y como fue utilizado activamente en octubre 2014, una vulnerabilidad diferente a CVE-2014-4124. Microsoft Internet Explorer contains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site. • http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx http://secunia.com/advisories/60968 http://www.securityfocus.com/bid/70326 http://www.securitytracker.com/id/1031018 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-056 •
CVSS: 8.8EPSS: 15%CPEs: 29EXPL: 0CVE-2014-2817 – Microsoft Internet Explorer Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2014-2817
Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." Microsoft Internet Explorer 6 hasta 11 permite a atacantes remotos ganar privilegios a través de un sitio web manipulado, también conocido como 'vulnerabilidad de elevación de privilegios de Internet Explorer.' Microsoft Internet Explorer cotains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site. • http://www.securityfocus.com/bid/69092 http://www.securitytracker.com/id/1030715 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051 •
CVSS: 10.0EPSS: 96%CPEs: 35EXPL: 1CVE-2014-1776 – Microsoft Internet Explorer Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2014-1776
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014. NOTE: this issue originally emphasized VGX.DLL, but Microsoft clarified that "VGX.DLL does not contain the vulnerable code leveraged in this exploit. Disabling VGX.DLL is an exploit-specific workaround that provides an immediate, effective workaround to help block known attacks." Vulnerabilidad de uso después de liberación de memoria en Microsoft Internet Explorer 6 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de vectores relacionados con la función CMarkup::IsConnectedToPrimaryMarkup, tal como fue explotado activamente en abril de 2014. NOTA: este problema se enfatizó originalmente en VGX.DLL, pero Microsoft aclaró que "VGX.DLL no contiene el código vulnerable aprovechado en esta explotación. • http://blogs.technet.com/b/srd/archive/2014/04/30/protection-strategies-for-the-security-advisory-2963983-ie-0day.aspx http://secunia.com/advisories/57908 http://securitytracker.com/id?1030154 http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html http://www.kb.cert.org/vuls/id/222929 http://www.osvdb.org/106311 http://www.securityfocus.com/bid/67075 http://www.signalsec.com/cve-20 • CWE-416: Use After Free •
CVSS: 4.3EPSS: 60%CPEs: 31EXPL: 1CVE-2013-7331 – Microsoft Internet Explorer Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2013-7331
The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014. El control ActiveX Microsoft.XMLDOM en Microsoft Windows 8.1 y anteriores permite a atacantes remotos determinar la existencia de nombres de rutas locales, nombres de rutas compartidas UNC, nombres de host de intranet y direcciones IP de intranet mediante el exámen de códigos erróneos, tal y como se demostró por medio de una URL res:// y explotado activamente en febrero 2014. An information disclosure vulnerability exists in Internet Explorer which allows resources loaded into memory to be queried. This vulnerability could allow an attacker to detect anti-malware applications. • http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html http://www.kb.cert.org/vuls/id/539289 http://www.securitytracker.com/id/1030818 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052 https://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •