CVSS: 7.8EPSS: 78%CPEs: 11EXPL: 13CVE-2014-4113 – Microsoft Win32k Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2014-4113
15 Oct 2014 — win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability." win32k.sys en los controladores de modo de kernel en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Serv... • https://packetstorm.news/files/id/128861 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-4115
https://notcve.org/view.php?id=CVE-2014-4115
15 Oct 2014 — fastfat.sys (aka the FASTFAT driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly allocate memory, which allows physically proximate attackers to execute arbitrary code or cause a denial of service (reserved-memory write) by connecting a crafted USB device, aka "Microsoft Windows Disk Partition Driver Elevation of Privilege Vulnerability." fastfat.sys (también conocido como the FASTFAT driver) en los controladores de modo de kernel en Micr... • http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 16%CPEs: 28EXPL: 0CVE-2014-4123 – Microsoft Internet Explorer Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2014-4123
15 Oct 2014 — Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," as exploited in the wild in October 2014, a different vulnerability than CVE-2014-4124. Microsoft Internet Explorer 7 hasta 11 permite a atacantes remotos ganar privilegios a través de un sitio web manipulado, también conocido como 'la vulnerabilidad de la elevación de privilegios de Internet Explorer,' tal y como fue utilizado activamente ... • http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx •
CVSS: 9.3EPSS: 32%CPEs: 11EXPL: 0CVE-2014-4148 – Microsoft Windows Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-4148
15 Oct 2014 — win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted TrueType font, as exploited in the wild in October 2014, aka "TrueType Font Parsing Remote Code Execution Vulnerability." win32k.sys en los controladores del modo de kernel en Microsoft Windows Server 2003 SP2, Window... • http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 2%CPEs: 12EXPL: 0CVE-2014-4064
https://notcve.org/view.php?id=CVE-2014-4064
12 Aug 2014 — The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly handle use of the paged kernel pool for allocation of uninitialized memory, which allows local users to obtain sensitive information about kernel addresses via a crafted application, aka "Windows Kernel Pool Allocation Vulnerability." Los controladores de modo kernel en Microsoft Windows Vista SP2, Wind... • http://secunia.com/advisories/60673 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 23%CPEs: 29EXPL: 0CVE-2014-2817 – Microsoft Internet Explorer Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2014-2817
12 Aug 2014 — Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." Microsoft Internet Explorer 6 hasta 11 permite a atacantes remotos ganar privilegios a través de un sitio web manipulado, también conocido como 'vulnerabilidad de elevación de privilegios de Internet Explorer.' Microsoft Internet Explorer cotains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web ... • http://www.securityfocus.com/bid/69092 •
CVSS: 7.8EPSS: 1%CPEs: 11EXPL: 0CVE-2014-0318
https://notcve.org/view.php?id=CVE-2014-0318
12 Aug 2014 — win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly control access to thread-owned objects, which allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." win32k.sys en los controladores de modo kernel en Microsoft Windows Server 2003 SP2, Windows Vista SP... • http://secunia.com/advisories/60673 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.3EPSS: 0%CPEs: 12EXPL: 0CVE-2014-1814
https://notcve.org/view.php?id=CVE-2014-1814
12 Aug 2014 — The Windows Installer in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application that invokes the repair feature for a different application, aka "Windows Installer Repair Vulnerability." Windows Installer en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Wi... • http://secunia.com/advisories/60674 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2014-1819
https://notcve.org/view.php?id=CVE-2014-1819
12 Aug 2014 — win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly control access to objects associated with font files, which allows local users to gain privileges via a crafted file, aka "Font Double-Fetch Vulnerability." win32k.sys en los controladores de modo kernel en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Wi... • http://secunia.com/advisories/60673 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 38%CPEs: 11EXPL: 4CVE-2014-1767 – Microsoft Windows AFD.SYS Dangling Pointer Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2014-1767
08 Jul 2014 — Double free vulnerability in the Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability." Vulnerabilidad de doble liberación en Ancillary Function Driver (AFD) en afd.sys ... • https://packetstorm.news/files/id/135795 • CWE-415: Double Free •