CVSS: 7.8EPSS: 3%CPEs: 12EXPL: 0CVE-2014-1807
https://notcve.org/view.php?id=CVE-2014-1807
14 May 2014 — The ShellExecute API in Windows Shell in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly implement file associations, which allows local users to gain privileges via a crafted application, as exploited in the wild in May 2014, aka "Windows Shell File Association Vulnerability." La API ShellExecute en Windows Shell en Microsoft Windows Server 2003 SP2... • http://www.securityfocus.com/bid/67276 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 76%CPEs: 35EXPL: 1CVE-2014-1776 – Microsoft Internet Explorer Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2014-1776
27 Apr 2014 — Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014. NOTE: this issue originally emphasized VGX.DLL, but Microsoft clarified that "VGX.DLL does not contain the vulnerable code leveraged in this exploit. Disabling VGX.DLL is an exploit-specific workaround that provides an immediat... • http://blogs.technet.com/b/srd/archive/2014/04/30/protection-strategies-for-the-security-advisory-2963983-ie-0day.aspx • CWE-416: Use After Free •
CVSS: 7.3EPSS: 29%CPEs: 14EXPL: 0CVE-2014-0315
https://notcve.org/view.php?id=CVE-2014-0315
08 Apr 2014 — Untrusted search path vulnerability in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse cmd.exe file in the current working directory, as demonstrated by a directory that contains a .bat or .cmd file, aka "Windows File Handling Vulnerability." Vulnerabilidad de ruta de búsqueda en Microsof... • http://blogs.technet.com/b/srd/archive/2014/04/08/ms14-019-fixing-a-binary-hijacking-via-cmd-or-bat-file.aspx • CWE-426: Untrusted Search Path •
CVSS: 7.2EPSS: 0%CPEs: 14EXPL: 0CVE-2014-0300
https://notcve.org/view.php?id=CVE-2014-0300
12 Mar 2014 — win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." win32k.sys en los controladores en modo kernel en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server ... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-015 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 21%CPEs: 11EXPL: 0CVE-2014-0301
https://notcve.org/view.php?id=CVE-2014-0301
12 Mar 2014 — Double free vulnerability in qedit.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via a crafted JPEG image, aka "DirectShow Memory Corruption Vulnerability." Vulnerabilidad de doble liberación en qedit.dll en DirectShow en Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, ... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-013 • CWE-415: Double Free •
CVSS: 9.1EPSS: 11%CPEs: 10EXPL: 0CVE-2014-0317
https://notcve.org/view.php?id=CVE-2014-0317
12 Mar 2014 — The Security Account Manager Remote (SAMR) protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine the user-lockout state, which makes it easier for remote attackers to bypass the account lockout policy and obtain access via a brute-force attack, aka "SAMR Security Feature Bypass Vulnerability." La implementación del protocolo Security Account Manager Remote (S... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-016 • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.6EPSS: 1%CPEs: 14EXPL: 0CVE-2014-0323
https://notcve.org/view.php?id=CVE-2014-0323
12 Mar 2014 — win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (system hang) via a crafted application, aka "Win32k Information Disclosure Vulnerability." win32k.sys en los controladores en modo kernel en Microsoft Window... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-015 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 85%CPEs: 31EXPL: 2CVE-2013-7331 – Microsoft Internet Explorer Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2013-7331
26 Feb 2014 — The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014. El control ActiveX Microsoft.XMLDOM en Microsoft Windows 8.1 y anteriores permite a atacantes remotos determinar la existencia de nombres de rutas locales, nombres de rutas compartidas UNC, nombres... • https://packetstorm.news/files/id/180667 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.1EPSS: 37%CPEs: 14EXPL: 0CVE-2014-0266
https://notcve.org/view.php?id=CVE-2014-0266
12 Feb 2014 — The XMLHTTP ActiveX controls in XML Core Services 3.0 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to bypass the Same Origin Policy via a web page that is visited in Internet Explorer, aka "MSXML Information Disclosure Vulnerability." Los controles ActiveX XMLHTTP en XML Core Services 3.0 en Microsoft Windows XP SP2... • http://osvdb.org/103189 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 37%CPEs: 14EXPL: 0CVE-2013-5056
https://notcve.org/view.php?id=CVE-2013-5056
11 Dec 2013 — Use-after-free vulnerability in the Scripting Runtime Object Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site that is visited with Internet Explorer, aka "Use-After-Free Vulnerability in Microsoft Scripting Runtime... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-099 • CWE-416: Use After Free •