Executive Summary
Summary | |
---|---|
Title | Cumulative Security Update for Internet Explorer (2909921) |
Informations | |||
---|---|---|---|
Name | MS14-010 | First vendor Publication | 2014-02-11 |
Vendor | Microsoft | Last vendor Modification | 2014-02-11 |
Severity (Vendor) | Critical | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.0 (February 11, 2014): Bulletin published. |
Original Source
Url : http://technet.microsoft.com/en-us/security/bulletin/ms14-010 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
92 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
4 % | CWE-264 | Permissions, Privileges, and Access Controls |
4 % | CWE-200 | Information Exposure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:21717 | |||
Oval ID: | oval:org.mitre.oval:def:21717 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0290) - MS14-010 | ||
Description: | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0267 and CVE-2014-0289. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0290 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21831 | |||
Oval ID: | oval:org.mitre.oval:def:21831 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0275) - MS14-010 | ||
Description: | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0285 and CVE-2014-0286. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0275 | Version: | 5 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21998 | |||
Oval ID: | oval:org.mitre.oval:def:21998 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0272) - MS14-010 | ||
Description: | Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0272 | Version: | 5 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows 7 Microsoft Windows 8 | Product(s): | Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22000 | |||
Oval ID: | oval:org.mitre.oval:def:22000 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0280) - MS14-010 | ||
Description: | Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0280 | Version: | 5 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22065 | |||
Oval ID: | oval:org.mitre.oval:def:22065 | ||
Title: | VBScript Memory Corruption Vulnerability (CVE-2014-0271) - MS14-010, MS14-011 | ||
Description: | The VBScript engine in Microsoft Internet Explorer 6 through 11, and VBScript 5.6 through 5.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0271 | Version: | 10 |
Platform(s): | Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | VBScript 5.6 VBScript 5.7 VBScript 5.8 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22221 | |||
Oval ID: | oval:org.mitre.oval:def:22221 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0277) - MS14-010 | ||
Description: | Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0278 and CVE-2014-0279. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0277 | Version: | 5 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 8 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22230 | |||
Oval ID: | oval:org.mitre.oval:def:22230 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0279) - MS14-010 | ||
Description: | Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0277 and CVE-2014-0278. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0279 | Version: | 5 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 8 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22314 | |||
Oval ID: | oval:org.mitre.oval:def:22314 | ||
Title: | Internet Explorer Cross-domain Information Disclosure Vulnerability - CVE-2014-0293 - MS14-010 | ||
Description: | Microsoft Internet Explorer 9 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0293 | Version: | 5 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22335 | |||
Oval ID: | oval:org.mitre.oval:def:22335 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0270) - MS14-010 | ||
Description: | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0273, CVE-2014-0274, and CVE-2014-0288. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0270 | Version: | 5 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22338 | |||
Oval ID: | oval:org.mitre.oval:def:22338 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0274) - MS14-010 | ||
Description: | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0270, CVE-2014-0273, and CVE-2014-0288. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0274 | Version: | 5 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22365 | |||
Oval ID: | oval:org.mitre.oval:def:22365 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0276) - MS14-010 | ||
Description: | Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0276 | Version: | 5 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22381 | |||
Oval ID: | oval:org.mitre.oval:def:22381 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0269) - MS14-010 | ||
Description: | Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0269 | Version: | 5 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22385 | |||
Oval ID: | oval:org.mitre.oval:def:22385 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0273) - MS14-010 | ||
Description: | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0270, CVE-2014-0274, and CVE-2014-0288. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0273 | Version: | 5 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22398 | |||
Oval ID: | oval:org.mitre.oval:def:22398 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0283) - MS14-010 | ||
Description: | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0283 | Version: | 5 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 9 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22413 | |||
Oval ID: | oval:org.mitre.oval:def:22413 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0289) - MS14-010 | ||
Description: | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0267 and CVE-2014-0290. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0289 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22443 | |||
Oval ID: | oval:org.mitre.oval:def:22443 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0281) - MS14-010 | ||
Description: | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0287. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0281 | Version: | 5 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22464 | |||
Oval ID: | oval:org.mitre.oval:def:22464 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0287) - MS14-010 | ||
Description: | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0281. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0287 | Version: | 5 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22465 | |||
Oval ID: | oval:org.mitre.oval:def:22465 | ||
Title: | Internet Explorer Elevation of Privilege Vulnerability (CVE-2014-0268) - MS14-010 | ||
Description: | Microsoft Internet Explorer 8 through 11 does not properly restrict file installation and registry-key creation, which allows remote attackers to bypass the Mandatory Integrity Control protection mechanism via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0268 | Version: | 5 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22481 | |||
Oval ID: | oval:org.mitre.oval:def:22481 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0288) - MS14-010 | ||
Description: | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0270, CVE-2014-0273, and CVE-2014-0274. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0288 | Version: | 5 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22509 | |||
Oval ID: | oval:org.mitre.oval:def:22509 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0284) - MS14-010 | ||
Description: | Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0284 | Version: | 5 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows 7 Microsoft Windows 8 | Product(s): | Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22510 | |||
Oval ID: | oval:org.mitre.oval:def:22510 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0286) - MS14-010 | ||
Description: | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0275 and CVE-2014-0285. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0286 | Version: | 5 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22516 | |||
Oval ID: | oval:org.mitre.oval:def:22516 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0278) - MS14-010 | ||
Description: | Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0277 and CVE-2014-0279. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0278 | Version: | 5 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 8 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22546 | |||
Oval ID: | oval:org.mitre.oval:def:22546 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0267) - MS14-010 | ||
Description: | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0289 and CVE-2014-0290. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0267 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 R2 Microsoft Windows 8.1 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22559 | |||
Oval ID: | oval:org.mitre.oval:def:22559 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2014-0285) - MS14-010 | ||
Description: | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0275 and CVE-2014-0286. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0285 | Version: | 5 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2014-02-13 | IAVM : 2014-A-0025 - Microsoft VBScript Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0044034 |
2014-02-13 | IAVM : 2014-A-0023 - Cumulative Security Update for Microsoft Internet Explorer Severity : Category I - VMSKEY : V0044038 |
Snort® IPS/IDS
Date | Description |
---|---|
2017-08-15 | Microsoft Internet Explorer type confusion attempt RuleID : 43580 - Revision : 3 - Type : BROWSER-IE |
2017-08-15 | Microsoft Internet Explorer type confusion attempt RuleID : 43579 - Revision : 3 - Type : BROWSER-IE |
2015-08-14 | Microsoft Internet Explorer replaceChild function memory corruption attempt RuleID : 35115 - Revision : 3 - Type : BROWSER-IE |
2015-08-14 | Microsoft Internet Explorer replaceChild function memory corruption attempt RuleID : 35114 - Revision : 3 - Type : BROWSER-IE |
2015-02-18 | Microsoft Internet Explorer CInput element user after free attempt RuleID : 33094 - Revision : 5 - Type : BROWSER-IE |
2015-02-18 | Microsoft Internet Explorer CInput element user after free attempt RuleID : 33093 - Revision : 5 - Type : BROWSER-IE |
2014-12-02 | Microsoft Internet Explorer overlapping object boundaries memory corruption a... RuleID : 32365 - Revision : 2 - Type : BROWSER-IE |
2014-12-02 | Microsoft Internet Explorer overlapping object boundaries memory corruption a... RuleID : 32364 - Revision : 5 - Type : BROWSER-IE |
2014-05-28 | Microsoft Internet Explorer type confusion attempt RuleID : 30851 - Revision : 3 - Type : BROWSER-IE |
2014-05-28 | Microsoft Internet Explorer type confusion attempt RuleID : 30850 - Revision : 4 - Type : BROWSER-IE |
2014-05-28 | Microsoft Internet Explorer type confusion attempt RuleID : 30849 - Revision : 4 - Type : BROWSER-IE |
2014-05-28 | Microsoft Internet Explorer CElement event handler use after free attempt RuleID : 30848 - Revision : 2 - Type : BROWSER-IE |
2014-05-28 | Microsoft Internet Explorer CElement event handler use after free attempt RuleID : 30847 - Revision : 2 - Type : BROWSER-IE |
2014-04-12 | Microsoft Internet Explorer CSS uninitialized object access attempt detected RuleID : 30169 - Revision : 2 - Type : BROWSER-IE |
2014-04-10 | Microsoft Internet Explorer SVG handling use after free attempt RuleID : 30082 - Revision : 2 - Type : BROWSER-IE |
2014-04-10 | Microsoft Internet Explorer SVG handling use after free attempt RuleID : 30081 - Revision : 2 - Type : BROWSER-IE |
2014-04-10 | Microsoft Internet Explorer SVG handling use after free attempt RuleID : 30080 - Revision : 2 - Type : BROWSER-IE |
2014-04-10 | Microsoft Internet Explorer SVG handling use after free attempt RuleID : 30079 - Revision : 2 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer CInput element user after free attempt RuleID : 29744 - Revision : 6 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer CInput element user after free attempt RuleID : 29743 - Revision : 6 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer deleted object access memory corruption attempt RuleID : 29742 - Revision : 4 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer deleted object access memory corruption attempt RuleID : 29741 - Revision : 4 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer cmarkup methods use after free attempt RuleID : 29738 - Revision : 3 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer cmarkup methods use after free attempt RuleID : 29737 - Revision : 3 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer selectall use after free attempt RuleID : 29736 - Revision : 9 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer selectall use after free attempt RuleID : 29735 - Revision : 9 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer overlapping object boundaries memory corruption a... RuleID : 29734 - Revision : 7 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer overlapping object boundaries memory corruption a... RuleID : 29733 - Revision : 7 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer list element use after free attempt RuleID : 29732 - Revision : 4 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer list element use after free attempt RuleID : 29731 - Revision : 3 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer CElement event handler use after free attempt RuleID : 29730 - Revision : 3 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer CElement event handler use after free attempt RuleID : 29729 - Revision : 3 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer CElement event handler use after free attempt RuleID : 29728 - Revision : 3 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer CElement event handler use after free attempt RuleID : 29727 - Revision : 3 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer use after free attempt RuleID : 29722 - Revision : 4 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer use after free attempt RuleID : 29721 - Revision : 3 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer SLayoutRun use after free attempt RuleID : 29720 - Revision : 3 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer SLayoutRun use after free attempt RuleID : 29719 - Revision : 3 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer text node use after free attempt RuleID : 29718 - Revision : 4 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer text node use after free attempt RuleID : 29717 - Revision : 4 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer deleted object memory corruption attempt RuleID : 29716 - Revision : 3 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer CTree Node use after free attempt RuleID : 29712 - Revision : 3 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer CTree Node use after free attempt RuleID : 29711 - Revision : 3 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer fontFamily attribute deleted object access memory... RuleID : 29710 - Revision : 4 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer fontFamily attribute deleted object access memory... RuleID : 29709 - Revision : 4 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer CSS uninitialized object access attempt detected RuleID : 29708 - Revision : 4 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer deleted object access attempt detected RuleID : 29707 - Revision : 3 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer deleted object access attempt detected RuleID : 29706 - Revision : 3 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer swap node user after free RuleID : 29679 - Revision : 5 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer swap node user after free RuleID : 29678 - Revision : 4 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer CRootElement Object use after free attempt RuleID : 29677 - Revision : 4 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer CRootElement Object use after free attempt RuleID : 29676 - Revision : 5 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer type confusion attempt RuleID : 29675 - Revision : 7 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer SVG handling use after free attempt RuleID : 29674 - Revision : 4 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer SVG handling use after free attempt RuleID : 29673 - Revision : 4 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer SVG handling use after free attempt RuleID : 29672 - Revision : 4 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer SVG handling use after free attempt RuleID : 29671 - Revision : 4 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer CTreePos deleted object access attempt RuleID : 29668 - Revision : 4 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer CTreePos deleted object access attempt RuleID : 29667 - Revision : 4 - Type : BROWSER-IE |
2014-03-13 | Microsoft Internet Explorer 8 use after free attempt RuleID : 29655 - Revision : 3 - Type : BROWSER-IE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-02-12 | Name : The remote host has a web browser that is affected by multiple vulnerabilities. File : smb_nt_ms14-010.nasl - Type : ACT_GATHER_INFO |
2014-02-12 | Name : Arbitrary code can be executed on the remote host through the installed VBScr... File : smb_nt_ms14-011.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-08-14 21:23:52 |
|
2015-02-18 21:24:45 |
|
2014-12-02 21:25:52 |
|
2014-04-12 21:21:32 |
|
2014-04-10 21:21:56 |
|
2014-03-13 21:21:01 |
|
2014-02-17 11:47:56 |
|
2014-02-14 17:19:06 |
|
2014-02-12 21:25:25 |
|
2014-02-12 13:27:02 |
|
2014-02-11 21:17:01 |
|