Executive Summary

Summary
TitleCumulative Security Update for Internet Explorer
Informations
NameMS14-035First vendor Publication2014-06-10
VendorMicrosoftLast vendor Modification2014-06-17
Severity (Vendor) VersionRevision1.1

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score10Attack RangeNetwork
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Severity Rating: Critical
Revision Note: V1.1 (June 17, 2014): Corrected the severity table and vulnerability information to add CVE-2014-2782 as a vulnerability addressed by this update. This is an informational change only. Customers who have already successfully installed the update do not need to take any action.
Summary: This security update resolves two publicly disclosed vulnerabilities and fifty-eight privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Original Source

Url : https://technet.microsoft.com/en-us/library/security/MS14-035

CWE : Common Weakness Enumeration

%idName
86 %CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer
5 %CWE-94Failure to Control Generation of Code ('Code Injection')
3 %CWE-264Permissions, Privileges, and Access Controls
2 %CWE-399Resource Management Errors
2 %CWE-310Cryptographic Issues
2 %CWE-200Information Exposure

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:24875
 
Oval ID: oval:org.mitre.oval:def:24875
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-1802) - MS14-035
Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2014-1797, CVE-2014-2756, CVE-2014-2763, CVE-2014-2764, CVE-2014-2769, and CVE-2014-2771.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1802
Version: 5
Platform(s): Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24823
 
Oval ID: oval:org.mitre.oval:def:24823
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-1762) - MS14-035
Description: Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism via unknown vectors, as demonstrated by ZDI during a Pwn4Fun competition at CanSecWest 2014.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1762
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24913
 
Oval ID: oval:org.mitre.oval:def:24913
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-1773) - MS14-035
Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1773
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24600
 
Oval ID: oval:org.mitre.oval:def:24600
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-1804) - MS14-035
Description: Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1781, CVE-2014-1792, and CVE-2014-2770.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1804
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Internet Explorer 8
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24890
 
Oval ID: oval:org.mitre.oval:def:24890
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-1790) - MS14-035
Description: Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1789.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1790
Version: 5
Platform(s): Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows 7
Microsoft Windows 8
Product(s): Microsoft Internet Explorer 10
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24810
 
Oval ID: oval:org.mitre.oval:def:24810
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-1775) - MS14-035
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0282, CVE-2014-1779, CVE-2014-1799, CVE-2014-1803, and CVE-2014-2757.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1775
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24514
 
Oval ID: oval:org.mitre.oval:def:24514
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-2761) - MS14-035
Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-1785, CVE-2014-2753, CVE-2014-2755, CVE-2014-2760, CVE-2014-2772, and CVE-2014-2776.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2761
Version: 5
Platform(s): Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24928
 
Oval ID: oval:org.mitre.oval:def:24928
Title: Memory corruption vulnerability in Internet Explorer (CVE-2014-1779) - MS14-035
Description: Microsoft Internet Explorer 6 and 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2014-1796
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26376
 
Oval ID: oval:org.mitre.oval:def:26376
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-2782) - MS14-035
Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2782
Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26515
 
Oval ID: oval:org.mitre.oval:def:26515
Title: Allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site
Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2782
Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24776
 
Oval ID: oval:org.mitre.oval:def:24776
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-1785) - MS14-035
Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1786
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24372
 
Oval ID: oval:org.mitre.oval:def:24372
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-1797) - MS14-035
Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2014-1802, CVE-2014-2756, CVE-2014-2763, CVE-2014-2764, CVE-2014-2769, and CVE-2014-2771.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1797
Version: 5
Platform(s): Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24959
 
Oval ID: oval:org.mitre.oval:def:24959
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-2760) - MS14-035
Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-1785, CVE-2014-2753, CVE-2014-2755, CVE-2014-2761, CVE-2014-2772, and CVE-2014-2776.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2760
Version: 5
Platform(s): Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24566
 
Oval ID: oval:org.mitre.oval:def:24566
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-1794) - MS14-035
Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2763, CVE-2014-2764, CVE-2014-2769, and CVE-2014-2771.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1794
Version: 5
Platform(s): Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24921
 
Oval ID: oval:org.mitre.oval:def:24921
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-2757) - MS14-035
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0282, CVE-2014-1775, CVE-2014-1779, CVE-2014-1799, and CVE-2014-1803.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2757
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24901
 
Oval ID: oval:org.mitre.oval:def:24901
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-2766) - MS14-035
Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, and CVE-2014-2775.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2766
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24934
 
Oval ID: oval:org.mitre.oval:def:24934
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-2776) - MS14-035
Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-1785, CVE-2014-2753, CVE-2014-2755, CVE-2014-2760, CVE-2014-2761, and CVE-2014-2772.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2776
Version: 5
Platform(s): Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24986
 
Oval ID: oval:org.mitre.oval:def:24986
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-1772) - MS14-035
Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1780, CVE-2014-1794, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2763, CVE-2014-2764, CVE-2014-2769, and CVE-2014-2771.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1772
Version: 5
Platform(s): Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24935
 
Oval ID: oval:org.mitre.oval:def:24935
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-2754) - MS14-035
Description: Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1774 and CVE-2014-1788.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2754
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Internet Explorer 9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24991
 
Oval ID: oval:org.mitre.oval:def:24991
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-2758) - MS14-035
Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2758
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24815
 
Oval ID: oval:org.mitre.oval:def:24815
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-1784) - MS14-035
Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1784
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24136
 
Oval ID: oval:org.mitre.oval:def:24136
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-2753) - MS14-035
Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-1785, CVE-2014-2755, CVE-2014-2760, CVE-2014-2761, CVE-2014-2772, and CVE-2014-2776.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2753
Version: 5
Platform(s): Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24972
 
Oval ID: oval:org.mitre.oval:def:24972
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-2771) - MS14-035
Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2763, CVE-2014-2764, and CVE-2014-2769.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2771
Version: 5
Platform(s): Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24850
 
Oval ID: oval:org.mitre.oval:def:24850
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-1785) - MS14-035
Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-2753, CVE-2014-2755, CVE-2014-2760, CVE-2014-2761, CVE-2014-2772, and CVE-2014-2776.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1785
Version: 5
Platform(s): Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24580
 
Oval ID: oval:org.mitre.oval:def:24580
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-1803) - MS14-035
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0282, CVE-2014-1775, CVE-2014-1779, CVE-2014-1799, and CVE-2014-2757.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1803
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24170
 
Oval ID: oval:org.mitre.oval:def:24170
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-1770) - MS14-035
Description: Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1770
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24690
 
Oval ID: oval:org.mitre.oval:def:24690
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-2777) - MS14-035
Description: Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary web script with increased privileges via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-1778.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2777
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24912
 
Oval ID: oval:org.mitre.oval:def:24912
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-0282) - MS14-035
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1775, CVE-2014-1779, CVE-2014-1799, CVE-2014-1803, and CVE-2014-2757.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0282
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24946
 
Oval ID: oval:org.mitre.oval:def:24946
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-1789) - MS14-035
Description: Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1790.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1789
Version: 5
Platform(s): Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows 7
Microsoft Windows 8
Product(s): Microsoft Internet Explorer 10
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24965
 
Oval ID: oval:org.mitre.oval:def:24965
Title: Internet Explorer Elevation of Privilege Vulnerability (CVE-2014-1764) - MS14-035
Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "object confusion" in a broker process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1764
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24902
 
Oval ID: oval:org.mitre.oval:def:24902
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-2756) - MS14-035
Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2014-1797, CVE-2014-1802, CVE-2014-2763, CVE-2014-2764, CVE-2014-2769, and CVE-2014-2771.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2756
Version: 5
Platform(s): Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24093
 
Oval ID: oval:org.mitre.oval:def:24093
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-1799) - MS14-035
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0282, CVE-2014-1775, CVE-2014-1779, CVE-2014-1803, and CVE-2014-2757.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1799
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24943
 
Oval ID: oval:org.mitre.oval:def:24943
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-2772) - MS14-035
Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-1785, CVE-2014-2753, CVE-2014-2755, CVE-2014-2760, CVE-2014-2761, and CVE-2014-2776.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2772
Version: 5
Platform(s): Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24835
 
Oval ID: oval:org.mitre.oval:def:24835
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-1782) - MS14-035
Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1769, CVE-2014-1785, CVE-2014-2753, CVE-2014-2755, CVE-2014-2760, CVE-2014-2761, CVE-2014-2772, and CVE-2014-2776.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1782
Version: 5
Platform(s): Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24976
 
Oval ID: oval:org.mitre.oval:def:24976
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-1766) - MS14-035
Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014. NOTE: the original disclosure referred to triggering a kernel bug with the Internet Explorer exploit payload, but this ID is not for a kernel vulnerability.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1766
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24898
 
Oval ID: oval:org.mitre.oval:def:24898
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-2765) - MS14-035
Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2766, and CVE-2014-2775.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2765
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24975
 
Oval ID: oval:org.mitre.oval:def:24975
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-2767) - MS14-035
Description: Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2014-2767
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24896
 
Oval ID: oval:org.mitre.oval:def:24896
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-1783) - MS14-035
Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1783
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24945
 
Oval ID: oval:org.mitre.oval:def:24945
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-1800) - MS14-035
Description: Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2014-1800
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24996
 
Oval ID: oval:org.mitre.oval:def:24996
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-2755) - MS14-035
Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-1785, CVE-2014-2753, CVE-2014-2760, CVE-2014-2761, CVE-2014-2772, and CVE-2014-2776.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2755
Version: 5
Platform(s): Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24925
 
Oval ID: oval:org.mitre.oval:def:24925
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-1780) - MS14-035
Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1794, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2763, CVE-2014-2764, CVE-2014-2769, and CVE-2014-2771.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1780
Version: 5
Platform(s): Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24023
 
Oval ID: oval:org.mitre.oval:def:24023
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-1795) - MS14-035
Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1795
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24999
 
Oval ID: oval:org.mitre.oval:def:24999
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-1792) - MS14-035
Description: Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1781, CVE-2014-1804, and CVE-2014-2770.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1792
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Internet Explorer 8
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24022
 
Oval ID: oval:org.mitre.oval:def:24022
Title: Internet Explorer Elevation of Privilege Vulnerability (CVE-2014-1791) - MS14-035
Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2014-1791
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24465
 
Oval ID: oval:org.mitre.oval:def:24465
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-2763) - MS14-035
Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2764, CVE-2014-2769, and CVE-2014-2771.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2763
Version: 5
Platform(s): Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24933
 
Oval ID: oval:org.mitre.oval:def:24933
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-2759) - MS14-035
Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2759
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24216
 
Oval ID: oval:org.mitre.oval:def:24216
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-2768) - MS14-035
Description: Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2773.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2768
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24749
 
Oval ID: oval:org.mitre.oval:def:24749
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-1788) - MS14-035
Description: Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1774 and CVE-2014-2754.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1788
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Internet Explorer 9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24252
 
Oval ID: oval:org.mitre.oval:def:24252
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-2775) - MS14-035
Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, and CVE-2014-2766.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2775
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24112
 
Oval ID: oval:org.mitre.oval:def:24112
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-2770) - MS14-035
Description: Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1781, CVE-2014-1792, and CVE-2014-1804.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2770
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Internet Explorer 8
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24027
 
Oval ID: oval:org.mitre.oval:def:24027
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-2769) - MS14-035
Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2763, CVE-2014-2764, and CVE-2014-2771.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2769
Version: 5
Platform(s): Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24974
 
Oval ID: oval:org.mitre.oval:def:24974
Title: Internet Explorer Information Disclosure Vulnerability (CVE-2014-1777) - MS14-035
Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to read local files on the client via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2014-1777
Version: 5
Platform(s): Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24506
 
Oval ID: oval:org.mitre.oval:def:24506
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-1778) - MS14-035
Description: Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary web script with increased privileges via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-2777.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1778
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24478
 
Oval ID: oval:org.mitre.oval:def:24478
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-2773) - MS14-035
Description: Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2768.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2773
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24882
 
Oval ID: oval:org.mitre.oval:def:24882
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-1771) - MS14-035
Description: SChannel in Microsoft Internet Explorer 6 through 11 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack," aka "TLS Server Certificate Renegotiation Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2014-1771
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24937
 
Oval ID: oval:org.mitre.oval:def:24937
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-1781) - MS14-035
Description: Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1792, CVE-2014-1804, and CVE-2014-2770.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1781
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Internet Explorer 8
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24825
 
Oval ID: oval:org.mitre.oval:def:24825
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-2764) - MS14-035
Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2014-1797, CVE-2014-1802, CVE-2014-2756, CVE-2014-2763, CVE-2014-2769, and CVE-2014-2771.
Family: windows Class: vulnerability
Reference(s): CVE-2014-2764
Version: 5
Platform(s): Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24687
 
Oval ID: oval:org.mitre.oval:def:24687
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-1774) - MS14-035
Description: Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1788 and CVE-2014-2754.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1774
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Internet Explorer 9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25024
 
Oval ID: oval:org.mitre.oval:def:25024
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-1805) - MS14-035
Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1805
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24899
 
Oval ID: oval:org.mitre.oval:def:24899
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-1779) - MS14-035
Description: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0282, CVE-2014-1775, CVE-2014-1799, CVE-2014-1803, and CVE-2014-2757.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1779
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24620
 
Oval ID: oval:org.mitre.oval:def:24620
Title: Internet Explorer Memory Corruption Vulnerability (CVE-2014-1769) - MS14-035
Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1782, CVE-2014-1785, CVE-2014-2753, CVE-2014-2755, CVE-2014-2760, CVE-2014-2761, CVE-2014-2772, and CVE-2014-2776.
Family: windows Class: vulnerability
Reference(s): CVE-2014-1769
Version: 5
Platform(s): Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8.1
Product(s): Microsoft Internet Explorer 11
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application7
Os1

ExploitDB Exploits

idDescription
2014-11-10Internet Explorer 8 MS14-035 Use-After-Free Exploit
2014-07-08Internet Explorer 9/10 - CFormElement Use-After-Free and Memory Corruption Po...
2014-06-24Internet Explorer 8, 9 & 10 - CInput Use-After-Free Crash PoC (MS14-035)

Information Assurance Vulnerability Management (IAVM)

DateDescription
2014-06-12IAVM : 2014-A-0079 - Cumulative Security Update for Microsoft Internet Explorer
Severity : Category I - VMSKEY : V0052493

Snort® IPS/IDS

DateDescription
2019-06-18Microsoft Internet Explorer CTextElement use after free attempt
RuleID : 50124 - Revision : 1 - Type : BROWSER-IE
2019-06-18Microsoft Internet Explorer CTextElement use after free attempt
RuleID : 50123 - Revision : 1 - Type : BROWSER-IE
2019-06-04Javascript CollectGarbage use-after-free attempt
RuleID : 50005 - Revision : 1 - Type : BROWSER-IE
2019-06-04Javascript CollectGarbage use-after-free attempt
RuleID : 50004 - Revision : 1 - Type : BROWSER-IE
2019-03-05Microsoft Internet Explorer CTextElement use after free attempt
RuleID : 49084 - Revision : 2 - Type : BROWSER-IE
2019-03-05Microsoft Internet Explorer CTextElement use after free attempt
RuleID : 49083 - Revision : 2 - Type : BROWSER-IE
2017-12-13Microsoft Internet Explorer use after free attempt
RuleID : 44755 - Revision : 2 - Type : BROWSER-IE
2017-12-13Microsoft Internet Explorer use after free attempt
RuleID : 44754 - Revision : 2 - Type : BROWSER-IE
2017-12-13Microsoft Internet Explorer use after free attempt
RuleID : 44752 - Revision : 2 - Type : BROWSER-IE
2017-12-13Microsoft Internet Explorer use after free attempt
RuleID : 44751 - Revision : 2 - Type : BROWSER-IE
2016-03-15Microsoft Internet Explorer CTextElement use after free attempt
RuleID : 37634 - Revision : 1 - Type : BROWSER-IE
2016-03-15Microsoft Internet Explorer CTextElement use after free attempt
RuleID : 37633 - Revision : 3 - Type : BROWSER-IE
2015-07-15Microsoft Internet Explorer CTextElement use after free attempt
RuleID : 34874 - Revision : 3 - Type : BROWSER-IE
2015-07-15Microsoft Internet Explorer CTextElement use after free attempt
RuleID : 34873 - Revision : 4 - Type : BROWSER-IE
2015-06-03Microsoft Internet Explorer onpagehide use after free attempt
RuleID : 34299 - Revision : 3 - Type : BROWSER-IE
2015-02-24Microsoft Internet Explorer CClipStack array index exploitation attempt
RuleID : 33158 - Revision : 3 - Type : BROWSER-IE
2015-02-24Microsoft Internet Explorer CClipStack array index exploitation attempt
RuleID : 33157 - Revision : 3 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer celement use after free
RuleID : 31404 - Revision : 5 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer celement use after free
RuleID : 31403 - Revision : 5 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer WindowedMarkupContext use after free attempt
RuleID : 31220 - Revision : 2 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer WindowedMarkupContext use after free attempt
RuleID : 31219 - Revision : 2 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer use after free attempt
RuleID : 31216 - Revision : 2 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer use after free attempt
RuleID : 31215 - Revision : 2 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer CDispNode use after free attempt
RuleID : 31209 - Revision : 3 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer CDispNode use after free attempt
RuleID : 31208 - Revision : 3 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer 11 CTreePos child element use-after-free attempt
RuleID : 31207 - Revision : 3 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer 11 CTreePos child element use-after-free attempt
RuleID : 31206 - Revision : 3 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer celement use after free attempt
RuleID : 31205 - Revision : 3 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer celement use after free attempt
RuleID : 31204 - Revision : 3 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer CRangeSaver use after free attempt
RuleID : 31203 - Revision : 3 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer CRangeSaver use after free attempt
RuleID : 31202 - Revision : 3 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer summary node swap use after free attempt
RuleID : 31201 - Revision : 3 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer summary node swap use after free attempt
RuleID : 31200 - Revision : 3 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer use after free attempt
RuleID : 31199 - Revision : 4 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer use after free attempt
RuleID : 31198 - Revision : 4 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer CTreeNode onmousemove use-after-free attempt
RuleID : 31197 - Revision : 3 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer CTreeNode onmousemove use-after-free attempt
RuleID : 31196 - Revision : 3 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer onpagehide use after free attempt
RuleID : 31194 - Revision : 3 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer 11 use after free attempt
RuleID : 31193 - Revision : 3 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer 11 use after free attempt
RuleID : 31192 - Revision : 3 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer RemoveSplice use-after-free attempt
RuleID : 31191 - Revision : 2 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer RemoveSplice use-after-free attempt
RuleID : 31190 - Revision : 2 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer isIndex attribute overflow attempt
RuleID : 31189 - Revision : 2 - Type : BROWSER-IE
2014-11-16Microsoft Internet Explorer isIndex attribute overflow attempt
RuleID : 31188 - Revision : 2 - Type : BROWSER-IE

Nessus® Vulnerability Scanner

DateDescription
2014-06-11Name : The remote host has a web browser that is affected by multiple vulnerabilities.
File : smb_nt_ms14-035.nasl - Type : ACT_GATHER_INFO
2014-05-22Name : The remote host has a version of Internet Explorer installed that is affected...
File : smb_ie_cve_2014_1770.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
DateInformations
2015-07-15 21:23:06
  • Multiple Updates
2015-06-03 21:26:57
  • Multiple Updates
2015-02-24 21:25:00
  • Multiple Updates
2014-11-16 21:25:26
  • Multiple Updates
2014-11-11 17:23:07
  • Multiple Updates
2014-07-22 17:21:24
  • Multiple Updates
2014-06-25 17:24:06
  • Multiple Updates
2014-06-19 17:27:07
  • Multiple Updates
2014-06-17 21:28:32
  • Multiple Updates
2014-06-17 21:17:02
  • Multiple Updates
2014-06-16 05:23:18
  • Multiple Updates
2014-06-13 09:26:09
  • Multiple Updates
2014-06-11 17:25:37
  • Multiple Updates
2014-06-11 13:24:41
  • Multiple Updates
2014-06-11 09:25:42
  • Multiple Updates
2014-06-10 21:28:13
  • Multiple Updates
2014-06-10 21:17:35
  • First insertion