CVSS: 7.5EPSS: 81%CPEs: 6EXPL: 1CVE-2014-1762 – (Pwn2Own\Pwn4Fun) Microsoft Internet Explorer localhost Protected Mode Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2014-1762
Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism via unknown vectors, as demonstrated by ZDI during a Pwn4Fun competition at CanSecWest 2014. Vulnerabilidad no especificada en Microsoft Internet Explorer 6 hasta la versión 11 permite a atacantes remotos ejecutar código arbitario con privilegios de integridad media y eludir un mecanismo de protección sandbox a través de vectores desconocidos, según lo demostrado por ZDI durante una competición Pwn4Fun en CanSecWest 2014. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ability to trick the broker into loading a malicious page in a privileged context. The issue lies in the implicit trust of navigating to localhost. • https://www.exploit-db.com/exploits/34010 http://twitter.com/thezdi/statuses/443810610958958592 http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one http://www.securityfocus.com/bid/67511 http://www.securitytracker.com/id/1030370 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035 •
CVSS: 9.3EPSS: 28%CPEs: 3EXPL: 1CVE-2014-1766 – Microsoft Internet Explorer CDispNodeBase Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1766
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014. NOTE: the original disclosure referred to triggering a kernel bug with the Internet Explorer exploit payload, but this ID is not for a kernel vulnerability. Microsoft Internet Explorer 9 hasta la versión 11 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, según lo demostrado por Sebastian Apelt y Andreas Schmidt durante una competición Pwn2Own en CanSecWest 2014. NOTA: la divulgación original se refería al desencadenamiento de un error del kernel explotado con la carga de Internet Explorer, pero este ID no es para una vulnerabilidad del kernel. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. • https://www.exploit-db.com/exploits/34010 http://twitter.com/thezdi/statuses/444216845734666240 http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two http://www.securityfocus.com/bid/67518 http://www.securitytracker.com/id/1030370 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 25%CPEs: 1EXPL: 0CVE-2014-0325 – Microsoft Internet Explorer CElement Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0325
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site that triggers improper processing of CElement objects, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1751 and CVE-2014-1755. NOTE: MS14-018 originally had a typo of CVE-2014-0235 for this. Vulnerabilidad de uso después de liberación en Microsoft Internet Explorer 9 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado que provoca el procesamiento erróneo de objetos CElement, también conocido como 'vulnerabilidad de corrupción de memoria de Internet Explorer,' una vulnerabilidad diferente a CVE-2014-1751 y CVE-2014-1755. NOTA: MS14-018 originalmente tenía una errata de CVE-2014-0235 para esto. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. • http://www.securityfocus.com/bid/66646 http://zerodayinitiative.com/advisories/ZDI-14-078 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-018 •
CVSS: 9.3EPSS: 88%CPEs: 1EXPL: 0CVE-2014-1751
https://notcve.org/view.php?id=CVE-2014-1751
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0235 and CVE-2014-1755. Microsoft Internet Explorer 9 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un sitio Web manipulado, también conocido como "Vulnerabilidad de Corrupción de Memoria de Internet Explorer," una vulnerabilidad diferente a CVE-2014-0235 y CVE-2014-1755. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-018 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 88%CPEs: 2EXPL: 0CVE-2014-1752
https://notcve.org/view.php?id=CVE-2014-1752
Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." Microsoft Internet Explorer 6 y 7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de memoria (corrupción de memoria) a través de un sitio web manipulado, también conocido como "Vulnerabilidad de Corrupción de Memoria de Internet Explorer." • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-018 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •