Executive Summary

Summary
TitleSecurity Update for Internet Explorer
Informations
NameMS14-029First vendor Publication2014-05-13
VendorMicrosoftLast vendor Modification2014-05-27
Severity (Vendor) VersionRevision1.2

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Severity Rating: Critical
Revision Note: V1.2 (May 27, 2014): Bulletin revised to correct the update replacement for the Internet Explorer 11 updates and to announce a detection change in the 2961851 update. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves two privately reported vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Original Source

Url : https://technet.microsoft.com/en-us/library/security/MS14-029

CWE : Common Weakness Enumeration

%idName
100 %CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:24654
 
Oval ID: oval:org.mitre.oval:def:24654
Title: Internet Explorer memory corruption vulnerability (CVE-2014-1815) - MS14-029
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as exploited in the wild in May 2014, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0310.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1815
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24476
 
Oval ID: oval:org.mitre.oval:def:24476
Title: Internet Explorer memory corruption vulnerability (CVE-2014-0310) - MS14-029
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1815.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0310
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application6

Information Assurance Vulnerability Management (IAVM)

DateDescription
2014-05-15IAVM : 2014-A-0072 - Multiple Vulnerabilities in Microsoft Internet Explorer
Severity : Category I - VMSKEY : V0050435

Snort® IPS/IDS

DateDescription
2014-06-12Microsoft Internet Explorer CElement use after free attempt
RuleID : 30964 - Revision : 2 - Type : BROWSER-IE
2014-06-12Microsoft Internet Explorer CElement use after free attempt
RuleID : 30963 - Revision : 4 - Type : BROWSER-IE
2014-06-12Microsoft Internet Explorer CElement use after free attempt
RuleID : 30962 - Revision : 2 - Type : BROWSER-IE
2014-06-12Microsoft Internet Explorer CElement use after free attempt
RuleID : 30961 - Revision : 4 - Type : BROWSER-IE
2014-06-12Microsoft Internet Explorer deleted object memory corruption attempt
RuleID : 30957 - Revision : 2 - Type : BROWSER-IE
2014-06-12Microsoft Internet Explorer deleted object memory corruption attempt
RuleID : 30956 - Revision : 2 - Type : BROWSER-IE

Nessus® Vulnerability Scanner

DateDescription
2014-05-14Name : The remote host has a web browser that is affected by multiple memory corrupt...
File : smb_nt_ms14-029.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
DateInformations
2014-06-12 21:24:18
  • Multiple Updates
2014-05-27 21:27:25
  • Multiple Updates
2014-05-27 21:17:22
  • Multiple Updates
2014-05-22 05:25:15
  • Multiple Updates
2014-05-22 05:17:26
  • Multiple Updates
2014-05-17 00:22:16
  • Multiple Updates
2014-05-15 13:24:15
  • Multiple Updates
2014-05-14 17:25:35
  • Multiple Updates
2014-05-13 21:27:46
  • Multiple Updates
2014-05-13 21:17:04
  • First insertion