CVSS: 8.8EPSS: 16%CPEs: 28EXPL: 0CVE-2014-4123 – Microsoft Internet Explorer Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2014-4123
15 Oct 2014 — Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," as exploited in the wild in October 2014, a different vulnerability than CVE-2014-4124. Microsoft Internet Explorer 7 hasta 11 permite a atacantes remotos ganar privilegios a través de un sitio web manipulado, también conocido como 'la vulnerabilidad de la elevación de privilegios de Internet Explorer,' tal y como fue utilizado activamente ... • http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx •
CVSS: 9.3EPSS: 32%CPEs: 11EXPL: 0CVE-2014-4148 – Microsoft Windows Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-4148
15 Oct 2014 — win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted TrueType font, as exploited in the wild in October 2014, aka "TrueType Font Parsing Remote Code Execution Vulnerability." win32k.sys en los controladores del modo de kernel en Microsoft Windows Server 2003 SP2, Window... • http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 1%CPEs: 11EXPL: 0CVE-2014-0318
https://notcve.org/view.php?id=CVE-2014-0318
12 Aug 2014 — win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly control access to thread-owned objects, which allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." win32k.sys en los controladores de modo kernel en Microsoft Windows Server 2003 SP2, Windows Vista SP... • http://secunia.com/advisories/60673 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.3EPSS: 0%CPEs: 12EXPL: 0CVE-2014-1814
https://notcve.org/view.php?id=CVE-2014-1814
12 Aug 2014 — The Windows Installer in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application that invokes the repair feature for a different application, aka "Windows Installer Repair Vulnerability." Windows Installer en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Wi... • http://secunia.com/advisories/60674 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2014-1819
https://notcve.org/view.php?id=CVE-2014-1819
12 Aug 2014 — win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly control access to objects associated with font files, which allows local users to gain privileges via a crafted file, aka "Font Double-Fetch Vulnerability." win32k.sys en los controladores de modo kernel en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Wi... • http://secunia.com/advisories/60673 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 2%CPEs: 12EXPL: 0CVE-2014-4064
https://notcve.org/view.php?id=CVE-2014-4064
12 Aug 2014 — The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly handle use of the paged kernel pool for allocation of uninitialized memory, which allows local users to obtain sensitive information about kernel addresses via a crafted application, aka "Windows Kernel Pool Allocation Vulnerability." Los controladores de modo kernel en Microsoft Windows Vista SP2, Wind... • http://secunia.com/advisories/60673 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 23%CPEs: 29EXPL: 0CVE-2014-2817 – Microsoft Internet Explorer Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2014-2817
12 Aug 2014 — Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." Microsoft Internet Explorer 6 hasta 11 permite a atacantes remotos ganar privilegios a través de un sitio web manipulado, también conocido como 'vulnerabilidad de elevación de privilegios de Internet Explorer.' Microsoft Internet Explorer cotains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web ... • http://www.securityfocus.com/bid/69092 •
CVSS: 7.8EPSS: 44%CPEs: 11EXPL: 4CVE-2014-1767 – Microsoft Windows AFD.SYS Dangling Pointer Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2014-1767
08 Jul 2014 — Double free vulnerability in the Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability." Vulnerabilidad de doble liberación en Ancillary Function Driver (AFD) en afd.sys ... • https://packetstorm.news/files/id/135795 • CWE-415: Double Free •
CVSS: 9.3EPSS: 44%CPEs: 12EXPL: 0CVE-2014-1817
https://notcve.org/view.php?id=CVE-2014-1817
11 Jun 2014 — usp10.dll in Uniscribe (aka the Unicode Script Processor) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP1 and SP2, Live Meeting 2007 Console, Lync 2010 and 2013, Lync 2010 Attendee, and Lync Basic 2013 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted EMF+ record in a font file... • http://blogs.technet.com/b/srd/archive/2014/06/10/assessing-risk-for-the-june-2014-security-updates.aspx • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 42%CPEs: 12EXPL: 0CVE-2014-1818
https://notcve.org/view.php?id=CVE-2014-1818
11 Jun 2014 — GDI+ in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP1 and SP2, Live Meeting 2007 Console, Lync 2010 and 2013, Lync 2010 Attendee, and Lync Basic 2013 allows remote attackers to execute arbitrary code via a crafted EMF+ record in an image file, aka "GDI+ Image Parsing Vulnerability." GDI+ en Microsoft Windows Server 2003 SP2, Windows Vista S... • http://blogs.technet.com/b/srd/archive/2014/06/10/assessing-risk-for-the-june-2014-security-updates.aspx • CWE-20: Improper Input Validation •