The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of MSIE

computer weakness alert CVE-2014-1770

Internet Explorer 8: use after free via CMarkup

Synthesis of the vulnerability

An attacker can use a freed memory area in the CMarkup class of Internet Explorer, in order to trigger a denial of service, and possibly to execute code.
Severity: 3/4.
Creation date: 22/05/2014.
Identifiers: 2969262, CVE-2014-1770, MS14-035, VIGILANCE-VUL-14790, VU#239151, ZDI-14-140.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Internet Explorer product uses the MSHTML!CMarkup class when a web document is processed.

The CollectGarbage() method can free a pointer allocated by CMarkup::CreateInitialMarkup(), however it is then reused.

An attacker can therefore use a freed memory area in the CMarkup class of Internet Explorer, in order to trigger a denial of service, and possibly to execute code.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2014-0310 CVE-2014-1815

Internet Explorer: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Internet Explorer.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 13/05/2014.
Identifiers: 2962482, CERTFR-2014-AVI-227, CVE-2014-0310, CVE-2014-1815, MS14-029, VIGILANCE-VUL-14747, ZDI-14-125.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2014-0310, ZDI-14-125]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2014-1815]
Full Vigil@nce bulletin... (Free trial)

cybersecurity weakness CVE-2014-0511 CVE-2014-0512 CVE-2014-0521

Adobe Reader, Acrobat: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Reader, Acrobat.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 11.
Creation date: 13/05/2014.
Identifiers: 2755801, APSB14-15, CERTFR-2014-AVI-229, CVE-2014-0511, CVE-2014-0512, CVE-2014-0521, CVE-2014-0522, CVE-2014-0523, CVE-2014-0524, CVE-2014-0525, CVE-2014-0526, CVE-2014-0527, CVE-2014-0528, CVE-2014-0529, VIGILANCE-VUL-14739, ZDI-14-128, ZDI-14-131, ZDI-14-132.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Adobe Reader, Acrobat.

An attacker can generate a buffer overflow in a Barcode, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-0511, ZDI-14-131]

An attacker can bypass a security feature, in order to escalate his privileges. [severity:3/4; CVE-2014-0512, ZDI-14-132]

An attacker can use JavaScript, in order to obtain sensitive information. [severity:2/4; CVE-2014-0521]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-0522]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-0523]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-0524]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-0526]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-0525]

An attacker can use a freed memory area via messageHandler, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-0527, ZDI-14-128]

An attacker can use a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-0528]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-0529]
Full Vigil@nce bulletin... (Free trial)

weakness CVE-2014-0515

Adobe Flash Player: buffer overflow

Synthesis of the vulnerability

An attacker can generate a buffer overflow of Adobe Flash Player, in order to trigger a denial of service, and possibly to execute code.
Severity: 3/4.
Creation date: 29/04/2014.
Identifiers: 2755801, APSB14-13, CERTFR-2014-AVI-207, CVE-2014-0515, openSUSE-SU-2014:0585-1, openSUSE-SU-2014:0589-1, RHSA-2014:0447-01, SUSE-SU-2014:0605-1, VIGILANCE-VUL-14671.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Adobe Flash Player product displays animations included in web pages.

However, if the size of data is greater than the size of the storage array, an overflow occurs.

An attacker can therefore generate a buffer overflow of Adobe Flash Player, in order to trigger a denial of service, and possibly to execute code.
Full Vigil@nce bulletin... (Free trial)

security note CVE-2014-1776

Internet Explorer: use after free in VGX.DLL

Synthesis of the vulnerability

An attacker can use a freed memory area in VGX.DLL of Internet Explorer, in order to trigger a denial of service, and possibly to execute code.
Severity: 3/4.
Creation date: 28/04/2014.
Identifiers: 2963983, 2965111, CERTFR-2014-ALE-005, CERTFR-2014-AVI-210, CVE-2014-1776, MS14-021, VIGILANCE-VUL-14662, VU#222929.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Vector Markup Language format is used to represent graphics.

The Internet Explorer product uses the VGX.DLL library to display VML documents. However, VGX.DLL can use an object located on a non allocated memory area.

An attacker can therefore use a freed memory area in VGX.DLL of Internet Explorer, in order to trigger a denial of service, and possibly to execute code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2014-0325 CVE-2014-1751 CVE-2014-1752

Internet Explorer: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Internet Explorer.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 6.
Creation date: 08/04/2014.
Identifiers: 2950467, CERTFR-2014-AVI-158, CVE-2014-0235-ERROR, CVE-2014-0325, CVE-2014-1751, CVE-2014-1752, CVE-2014-1753, CVE-2014-1755, CVE-2014-1760, MS14-018, VIGILANCE-VUL-14554, ZDI-14-078, ZDI-14-079, ZDI-14-080.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

An attacker can generate a memory corruption via CElement, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2014-0235-ERROR, CVE-2014-0325, ZDI-14-078]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2014-1751]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2014-1752]

An attacker can generate a memory corruption via CAttrArray, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2014-1753, ZDI-14-079]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2014-1755]

An attacker can generate a memory corruption via CFormatCache, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; CVE-2014-1760, ZDI-14-080]
Full Vigil@nce bulletin... (Free trial)

threat CVE-2014-0506 CVE-2014-0507 CVE-2014-0508

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 08/04/2014.
Identifiers: 2755801, APSB14-09, CERTFR-2014-AVI-163, CVE-2014-0506, CVE-2014-0507, CVE-2014-0508, CVE-2014-0509, openSUSE-SU-2014:0520-1, openSUSE-SU-2014:0549-1, RHSA-2014:0380-01, SUSE-SU-2014:0535-1, VIGILANCE-VUL-14552, ZDI-14-070, ZDI-14-092.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can use a freed memory area via ExternalInterface, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-0506, ZDI-14-092]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-0507, ZDI-14-070]

An attacker can bypass a security feature, in order to obtain sensitive information. [severity:2/4; CVE-2014-0508]

An attacker can trigger a Cross Site Scripting, in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2014-0509]
Full Vigil@nce bulletin... (Free trial)

weakness bulletin CVE-2014-0503 CVE-2014-0504

Adobe Flash Player: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 11/03/2014.
Identifiers: 2755801, APSB14-08, CERTFR-2014-AVI-115, CVE-2014-0503, CVE-2014-0504, openSUSE-SU-2014:0377-1, openSUSE-SU-2014:0379-1, RHSA-2014:0289-01, SUSE-SU-2014:0387-1, VIGILANCE-VUL-14402.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can bypass the same origin policy, in order to obtain sensitive information coming from another web site. [severity:2/4; CVE-2014-0503]

An attacker can read the content of the clipboard, in order to obtain sensitive information. [severity:2/4; CVE-2014-0504]
Full Vigil@nce bulletin... (Free trial)

computer threat CVE-2014-0498 CVE-2014-0499 CVE-2014-0502

Adobe Flash Player: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 21/02/2014.
Identifiers: 2755801, APSB14-07, BID-65702, BID-65703, BID-65704, CERTFR-2014-AVI-078, CVE-2014-0498, CVE-2014-0499, CVE-2014-0502, openSUSE-SU-2014:0277-1, openSUSE-SU-2014:0278-1, RHSA-2014:0196-01, SUSE-SU-2014:0290-1, VIGILANCE-VUL-14291, ZDI-14-040.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can generate a buffer overflow via RegExp, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-65704, CVE-2014-0498, ZDI-14-040]

An attacker can read the memory content, in order to bypass ASLR. [severity:2/4; BID-65703, CVE-2014-0499]

An attacker can use a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-65702, CVE-2014-0502]
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2014-0322

Internet Explorer: use after free via CMarkup

Synthesis of the vulnerability

An attacker can use a freed memory area in MSHTML CMarkup of Internet Explorer, in order to trigger a denial of service, and possibly to execute code.
Severity: 3/4.
Creation date: 14/02/2014.
Identifiers: 2925418, 2934088, CERTFR-2014-ALE-001, CVE-2014-0322, MS14-012, VIGILANCE-VUL-14263, VU#732479.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use a freed memory area in MSHTML CMarkup of Internet Explorer, in order to trigger a denial of service, and possibly to execute code.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about MSIE: