Executive Summary
Summary | |
---|---|
Title | Cumulative Security Update for Internet Explorer (2975687) |
Informations | |||
---|---|---|---|
Name | MS14-037 | First vendor Publication | 2014-07-08 |
Vendor | Microsoft | Last vendor Modification | 2014-07-29 |
Severity (Vendor) | Critical | Revision | 1.1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Severity Rating: Critical |
Original Source
Url : https://technet.microsoft.com/en-us/library/security/MS14-037 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
88 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
8 % | CWE-399 | Resource Management Errors |
4 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:24280 | |||
Oval ID: | oval:org.mitre.oval:def:24280 | ||
Title: | Internet Explorer Memory Corruption Vulnerability - CVE-2014-2806 (MS14-037) | ||
Description: | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2787, CVE-2014-2790, and CVE-2014-2802. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2806 | Version: | 6 |
Platform(s): | Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24496 | |||
Oval ID: | oval:org.mitre.oval:def:24496 | ||
Title: | Internet Explorer Memory Corruption Vulnerability - CVE-2014-2795 (MS14-037) | ||
Description: | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2789, CVE-2014-2798, and CVE-2014-2804. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2795 | Version: | 6 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24744 | |||
Oval ID: | oval:org.mitre.oval:def:24744 | ||
Title: | Internet Explorer Memory Corruption Vulnerability - CVE-2014-2789 (MS14-037) | ||
Description: | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2795, CVE-2014-2798, and CVE-2014-2804. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2789 | Version: | 6 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24805 | |||
Oval ID: | oval:org.mitre.oval:def:24805 | ||
Title: | Internet Explorer Memory Corruption Vulnerability - CVE-2014-2785 (MS14-037) | ||
Description: | Microsoft Internet Explorer 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2785 | Version: | 6 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer 7 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24895 | |||
Oval ID: | oval:org.mitre.oval:def:24895 | ||
Title: | Internet Explorer Memory Corruption Vulnerability - CVE-2014-2798 (MS14-037) | ||
Description: | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2789, CVE-2014-2795, and CVE-2014-2804. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2798 | Version: | 6 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24904 | |||
Oval ID: | oval:org.mitre.oval:def:24904 | ||
Title: | Internet Explorer Memory Corruption Vulnerability - CVE-2014-2794 (MS14-037) | ||
Description: | Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2788. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2794 | Version: | 6 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24910 | |||
Oval ID: | oval:org.mitre.oval:def:24910 | ||
Title: | Internet Explorer Memory Corruption Vulnerability - CVE-2014-2792 (MS14-037) | ||
Description: | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2786 and CVE-2014-2813. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2792 | Version: | 6 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24915 | |||
Oval ID: | oval:org.mitre.oval:def:24915 | ||
Title: | Internet Explorer Memory Corruption Vulnerability - CVE-2014-2790 (MS14-037) | ||
Description: | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2787, CVE-2014-2802, and CVE-2014-2806. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2790 | Version: | 6 |
Platform(s): | Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24917 | |||
Oval ID: | oval:org.mitre.oval:def:24917 | ||
Title: | Internet Explorer Memory Corruption Vulnerability - CVE-2014-2788 (MS14-037) | ||
Description: | Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2794. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2788 | Version: | 6 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24967 | |||
Oval ID: | oval:org.mitre.oval:def:24967 | ||
Title: | Internet Explorer Memory Corruption Vulnerability - CVE-2014-2813 (MS14-037) | ||
Description: | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2786 and CVE-2014-2792. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2813 | Version: | 6 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24990 | |||
Oval ID: | oval:org.mitre.oval:def:24990 | ||
Title: | Extended Validation (EV) Certificate Security Feature Bypass Vulnerability - CVE-2014-2783 (MS14-037) | ||
Description: | Microsoft Internet Explorer 7 through 11 does not prevent use of wildcard EV SSL certificates, which might allow remote attackers to spoof a trust level by leveraging improper issuance of a wildcard certificate by a recognized Certification Authority, aka "Extended Validation (EV) Certificate Security Feature Bypass Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2783 | Version: | 6 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2003 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25012 | |||
Oval ID: | oval:org.mitre.oval:def:25012 | ||
Title: | Internet Explorer Memory Corruption Vulnerability - CVE-2014-1763 (MS14-037) | ||
Description: | Use-after-free vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-1763 | Version: | 5 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25034 | |||
Oval ID: | oval:org.mitre.oval:def:25034 | ||
Title: | Internet Explorer Memory Corruption Vulnerability - CVE-2014-2809 (MS14-037) | ||
Description: | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2800 and CVE-2014-2807. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2809 | Version: | 6 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25048 | |||
Oval ID: | oval:org.mitre.oval:def:25048 | ||
Title: | Internet Explorer Memory Corruption Vulnerability - CVE-2014-2791 (MS14-037) | ||
Description: | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2791 | Version: | 6 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 9 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25063 | |||
Oval ID: | oval:org.mitre.oval:def:25063 | ||
Title: | Internet Explorer Memory Corruption Vulnerability - CVE-2014-2787 (MS14-037) | ||
Description: | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2790, CVE-2014-2802, and CVE-2014-2806. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2787 | Version: | 6 |
Platform(s): | Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25096 | |||
Oval ID: | oval:org.mitre.oval:def:25096 | ||
Title: | Internet Explorer Memory Corruption Vulnerability - CVE-2014-1765 (MS14-037) | ||
Description: | Multiple use-after-free vulnerabilities in Microsoft Internet Explorer 6 through 11 allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-1765 | Version: | 5 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25105 | |||
Oval ID: | oval:org.mitre.oval:def:25105 | ||
Title: | Internet Explorer Memory Corruption Vulnerability - CVE-2014-2803 (MS14-037) | ||
Description: | Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2803 | Version: | 6 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25143 | |||
Oval ID: | oval:org.mitre.oval:def:25143 | ||
Title: | Internet Explorer Memory Corruption Vulnerability - CVE-2014-2804 (MS14-037) | ||
Description: | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2789, CVE-2014-2795, and CVE-2014-2798. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2804 | Version: | 6 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25165 | |||
Oval ID: | oval:org.mitre.oval:def:25165 | ||
Title: | Internet Explorer Memory Corruption Vulnerability - CVE-2014-2797 (MS14-037) | ||
Description: | Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2797 | Version: | 6 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25182 | |||
Oval ID: | oval:org.mitre.oval:def:25182 | ||
Title: | Internet Explorer Memory Corruption Vulnerability - CVE-2014-2807 (MS14-037) | ||
Description: | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2800 and CVE-2014-2809. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2807 | Version: | 6 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25190 | |||
Oval ID: | oval:org.mitre.oval:def:25190 | ||
Title: | Internet Explorer Memory Corruption Vulnerability - CVE-2014-2786 (MS14-037) | ||
Description: | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2792 and CVE-2014-2813. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2786 | Version: | 6 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25207 | |||
Oval ID: | oval:org.mitre.oval:def:25207 | ||
Title: | Internet Explorer Memory Corruption Vulnerability - CVE-2014-2800 (MS14-037) | ||
Description: | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2807 and CVE-2014-2809. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2800 | Version: | 6 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25208 | |||
Oval ID: | oval:org.mitre.oval:def:25208 | ||
Title: | Internet Explorer Memory Corruption Vulnerability - CVE-2014-2802 (MS14-037) | ||
Description: | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2787, CVE-2014-2790, and CVE-2014-2806. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2802 | Version: | 6 |
Platform(s): | Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25219 | |||
Oval ID: | oval:org.mitre.oval:def:25219 | ||
Title: | Internet Explorer Memory Corruption Vulnerability - CVE-2014-2801 (MS14-037) | ||
Description: | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-2801 | Version: | 6 |
Platform(s): | Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2014-07-10 | IAVM : 2014-A-0094 - Cumulative Security Update for Microsoft Internet Explorer Severity : Category I - VMSKEY : V0052947 |
Snort® IPS/IDS
Date | Description |
---|---|
2015-06-03 | Microsoft Internet Explorer BSTR use after free attempt RuleID : 34321 - Revision : 4 - Type : BROWSER-IE |
2015-06-03 | Microsoft Internet Explorer BSTR use after free attempt RuleID : 34320 - Revision : 4 - Type : BROWSER-IE |
2014-11-16 | Microsoft Internet Explorer BSTR use after free attempt RuleID : 31391 - Revision : 4 - Type : BROWSER-IE |
2014-11-16 | Microsoft Internet Explorer BSTR use after free attempt RuleID : 31390 - Revision : 4 - Type : BROWSER-IE |
2014-11-16 | Microsoft Internet Explorer improper object cast memory corruption attempt RuleID : 31389 - Revision : 3 - Type : BROWSER-IE |
2014-11-16 | Microsoft Internet Explorer improper object cast memory corruption attempt RuleID : 31388 - Revision : 3 - Type : BROWSER-IE |
2014-11-16 | Microsoft Internet Explorer CLayout object user after free attempt RuleID : 31387 - Revision : 2 - Type : BROWSER-IE |
2014-11-16 | Microsoft Internet Explorer CLayout object user after free attempt RuleID : 31386 - Revision : 2 - Type : BROWSER-IE |
2014-11-16 | Microsoft Internet Explorer use after free attempt RuleID : 31385 - Revision : 4 - Type : BROWSER-IE |
2014-11-16 | Microsoft Internet Explorer use after free attempt RuleID : 31384 - Revision : 4 - Type : BROWSER-IE |
2014-11-16 | Microsoft Internet Explorer uninitialized object use after free attempt RuleID : 31383 - Revision : 2 - Type : BROWSER-IE |
2014-11-16 | Microsoft Internet Explorer uninitialized object use after free attempt RuleID : 31382 - Revision : 2 - Type : BROWSER-IE |
2014-11-16 | Microsoft Internet Explorer 11 onpropertychange remote code execution attempt RuleID : 31381 - Revision : 4 - Type : BROWSER-IE |
2014-11-16 | Microsoft Internet Explorer 11 onpropertychange remote code execution attempt RuleID : 31380 - Revision : 4 - Type : BROWSER-IE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-07-08 | Name : The remote host has a web browser that is affected by multiple vulnerabilities. File : smb_nt_ms14-037.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2018-02-09 05:20:37 |
|
2015-06-03 21:26:57 |
|
2014-11-16 21:25:26 |
|
2014-07-30 05:31:21 |
|
2014-07-30 05:22:19 |
|
2014-07-17 09:28:09 |
|
2014-07-12 00:21:51 |
|
2014-07-09 13:25:41 |
|
2014-07-09 05:27:32 |
|
2014-07-08 21:29:31 |
|
2014-07-08 21:18:12 |
|