CVSS: 9.3EPSS: 90%CPEs: 9EXPL: 1CVE-2014-6363 – Microsoft Internet Explorer 8/9/10/11 / IIS / CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084)
https://notcve.org/view.php?id=CVE-2014-6363
vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability." vbscript.dll en Microsoft VBScript 5.6 hasta 5.8, utilizado con Internet Explorer 6 hasta 11 y otros productos, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'Vulnerabilidad de la corrupción de memoria de VBScript'. A specially crafted script can cause the VBScript engine to access data before initializing it. An attacker that is able to run such a script in any application that embeds the VBScript engine may be able to control execution flow and execute arbitrary code. This includes all versions of Microsoft Internet Explorer. • https://www.exploit-db.com/exploits/40721 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-080 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-084 https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1075 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 91%CPEs: 2EXPL: 0CVE-2014-6366
https://notcve.org/view.php?id=CVE-2014-6366
Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." Microsoft Internet Explorer 6 y 7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'Vulnerabilidad de la corrupción de memoria de Internet Explorer'. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-080 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 84%CPEs: 6EXPL: 0CVE-2014-6374 – Microsoft Internet Explorer RtfToForeign32 Out-Of-Bounds Indexing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-6374
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." Microsoft Internet Explorer 6 hasta 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la corrupción de memoria de Internet Explorer'. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of arguments passed to the RtfToForeign32 function. By manipulating a document's elements an attacker can access data outside the bounds of an allocated buffer. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-080 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 56%CPEs: 3EXPL: 0CVE-2014-8966 – Microsoft Internet Explorer CInputElement Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-8966
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." Microsoft Internet Explorer 6 hasta 8 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la corrupción de memoria de Internet Explorer.' This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of of CInput elements. By manipulating a document's elements an attacker can force a type confusion error while processing an element's event handler. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-080 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 79%CPEs: 6EXPL: 0CVE-2014-6341 – Microsoft Internet Explorer CStyleSheet::get_parentStyleSheet Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-6341
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4143. Microsoft Internet Explorer 6 hasta 11 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como 'vulnerabilidad de la corrupción de memoria de Internet Explorer', una vulnerabilidad diferente a CVE-2014-4143. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to the way Internet Explorer tracks the relationship between two CSS stylesheets when one is imported by the other. The imported stylesheet continues to refer to its parent stylesheet even after the parent stylesheet is no longer valid. • http://www.securityfocus.com/bid/70338 http://www.securitytracker.com/id/1031185 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-065 • CWE-399: Resource Management Errors •