The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of MSIE

vulnerability announcement CVE-2014-0503 CVE-2014-0504

Adobe Flash Player: two vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Adobe Flash Player.
Impacted products: Flash Player, IE, openSUSE, RHEL, SUSE Linux Enterprise Desktop.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 11/03/2014.
Identifiers: 2755801, APSB14-08, CERTFR-2014-AVI-115, CVE-2014-0503, CVE-2014-0504, openSUSE-SU-2014:0377-1, openSUSE-SU-2014:0379-1, RHSA-2014:0289-01, SUSE-SU-2014:0387-1, VIGILANCE-VUL-14402.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can bypass the same origin policy, in order to obtain sensitive information coming from another web site. [severity:2/4; CVE-2014-0503]

An attacker can read the content of the clipboard, in order to obtain sensitive information. [severity:2/4; CVE-2014-0504]

vulnerability alert CVE-2014-0498 CVE-2014-0499 CVE-2014-0502

Adobe Flash Player: three vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Adobe Flash Player.
Impacted products: Flash Player, IE, openSUSE, RHEL, SUSE Linux Enterprise Desktop.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 21/02/2014.
Identifiers: 2755801, APSB14-07, BID-65702, BID-65703, BID-65704, CERTFR-2014-AVI-078, CVE-2014-0498, CVE-2014-0499, CVE-2014-0502, openSUSE-SU-2014:0277-1, openSUSE-SU-2014:0278-1, RHSA-2014:0196-01, SUSE-SU-2014:0290-1, VIGILANCE-VUL-14291, ZDI-14-040.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can generate a buffer overflow via RegExp, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-65704, CVE-2014-0498, ZDI-14-040]

An attacker can read the memory content, in order to bypass ASLR. [severity:2/4; BID-65703, CVE-2014-0499]

An attacker can use a freed memory area, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-65702, CVE-2014-0502]

vulnerability bulletin CVE-2014-0322

Internet Explorer: use after free via CMarkup

Synthesis of the vulnerability

An attacker can use a freed memory area in MSHTML CMarkup of Internet Explorer, in order to trigger a denial of service, and possibly to execute code.
Impacted products: IE.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 14/02/2014.
Identifiers: 2925418, 2934088, CERTFR-2014-ALE-001, CVE-2014-0322, MS14-012, VIGILANCE-VUL-14263, VU#732479.

Description of the vulnerability

An attacker can use a freed memory area in MSHTML CMarkup of Internet Explorer, in order to trigger a denial of service, and possibly to execute code.

vulnerability bulletin CVE-2014-0267 CVE-2014-0268 CVE-2014-0269

Internet Explorer: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Internet Explorer.
Impacted products: IE.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 24.
Creation date: 11/02/2014.
Identifiers: 2909921, BID-65361, BID-65363, BID-65367, BID-65370, BID-65371, BID-65372, BID-65373, BID-65375, BID-65376, BID-65377, BID-65378, BID-65380, BID-65381, BID-65382, BID-65383, BID-65384, BID-65385, BID-65386, BID-65388, BID-65389, BID-65390, BID-65392, BID-65394, BID-65395, CERTFR-2014-AVI-065, CERTFR-2014-AVI-066, CVE-2014-0267, CVE-2014-0268, CVE-2014-0269, CVE-2014-0270, CVE-2014-0271, CVE-2014-0272, CVE-2014-0273, CVE-2014-0274, CVE-2014-0275, CVE-2014-0276, CVE-2014-0277, CVE-2014-0278, CVE-2014-0279, CVE-2014-0280, CVE-2014-0281, CVE-2014-0283, CVE-2014-0284, CVE-2014-0285, CVE-2014-0286, CVE-2014-0287, CVE-2014-0288, CVE-2014-0289, CVE-2014-0290, CVE-2014-0293, MS14-010, VIGILANCE-VUL-14223, ZDI-14-020, ZDI-14-021, ZDI-14-022, ZDI-14-023, ZDI-14-024, ZDI-14-025, ZDI-14-026, ZDI-14-027, ZDI-14-028, ZDI-14-061, ZDI-14-062, ZDI-14-112, ZDI-14-113, ZDI-14-119.

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

A local attacker can escalate his privileges during the creation of keys in the registry. [severity:2/4; BID-65392, CVE-2014-0268]

An attacker can generate a memory corruption in the VBScript engine, in order to trigger a denial of service, and possibly to execute code (VIGILANCE-VUL-14224). [severity:4/4; BID-65395, CERTFR-2014-AVI-066, CVE-2014-0271]

An attacker can access data of another domain, in order to obtain sensitive information. [severity:2/4; BID-65394, CVE-2014-0293]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-65361, CVE-2014-0267]

An attacker can generate a memory corruption of CMarkup, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-65363, CVE-2014-0269, ZDI-14-021]

An attacker can generate a memory corruption of CMarkup, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-65367, CVE-2014-0270, ZDI-14-020]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-65370, CVE-2014-0272]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-65371, CVE-2014-0273]

An attacker can generate a memory corruption of CDomRange, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-65372, CVE-2014-0274, ZDI-14-025, ZDI-14-061]

An attacker can generate a memory corruption of CAreaElement, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-65373, CVE-2014-0275, ZDI-14-026]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-65375, CVE-2014-0276]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-65376, CVE-2014-0277]

An attacker can generate a memory corruption via CSS, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-65377, CVE-2014-0278, ZDI-14-112]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-65378, CVE-2014-0279]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-65380, CVE-2014-0280]

An attacker can generate a memory corruption of CTreeNode, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-65381, CVE-2014-0281, ZDI-14-028]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-65382, CVE-2014-0283]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-65383, CVE-2014-0284]

An attacker can generate a memory corruption in NavigateToBookmark/CMarkup, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-65384, CVE-2014-0285, ZDI-14-062, ZDI-14-119]

An attacker can generate a memory corruption of CInputElement, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-65385, CVE-2014-0286, ZDI-14-023]

An attacker can generate a memory corruption of CHtmlLayout, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-65386, CVE-2014-0287, ZDI-14-024]

An attacker can generate a memory corruption of CDivElement, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-65388, CVE-2014-0288, ZDI-14-022]

An attacker can generate a memory corruption of CMarkupPointer, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-65389, CVE-2014-0289, ZDI-14-027]

An attacker can generate a memory corruption via CMarkup, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-65390, CVE-2014-0290, ZDI-14-113]

computer vulnerability bulletin CVE-2014-0266

Windows, IE: information disclosure via Microsoft XML Core Services

Synthesis of the vulnerability

An attacker can use Microsoft XML Core Services of Windows, via IE, in order to obtain sensitive information from another site, or to read a victim's file.
Impacted products: IE, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista, Windows XP.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 11/02/2014.
Identifiers: 2916036, BID-65407, CERTFR-2014-AVI-060, CVE-2014-0266, MS14-005, VIGILANCE-VUL-14218.

Description of the vulnerability

The Microsoft XML Core Services (MSXML) library is used by Microsoft applications which process XML data.

However, an attacker can bypass access restrictions to data of a domain.

An attacker can therefore use Microsoft XML Core Services of Windows, via IE, in order to obtain sensitive information from another site, or to read a victim's file.

computer vulnerability CVE-2014-0497

Adobe Flash Player: code execution

Synthesis of the vulnerability

An attacker can exploit a vulnerability in Adobe Flash Player, in order to execute code.
Impacted products: Flash Player, IE, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 05/02/2014.
Identifiers: 2755801, APSB14-04, CERTFR-2014-AVI-052, CVE-2014-0497, openSUSE-SU-2014:0197-1, openSUSE-SU-2014:0203-1, RHSA-2014:0137-01, SUSE-SU-2014:0221-1, VIGILANCE-VUL-14175.

Description of the vulnerability

An attacker can exploit a vulnerability in Adobe Flash Player, in order to execute code.

vulnerability note CVE-2014-0491 CVE-2014-0492

Adobe Flash Player: two vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Adobe Flash Player.
Impacted products: Flash Player, IE, openSUSE, RHEL.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 15/01/2014.
Identifiers: 2755801, APSB14-02, BID-64807, BID-64810, CERTA-2014-AVI-019, CVE-2014-0491, CVE-2014-0492, openSUSE-SU-2014:0128-1, RHSA-2014:0028-01, VIGILANCE-VUL-14094, ZDI-14-014.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can bypass security protections, in order to execute code. [severity:3/4; BID-64807, CVE-2014-0491]

An attacker can bypass the ASLR protection via Jump Opcode. [severity:2/4; BID-64810, CVE-2014-0492, ZDI-14-014]

computer vulnerability alert CVE-2013-5045 CVE-2013-5046 CVE-2013-5047

Internet Explorer: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Internet Explorer.
Impacted products: IE.
Severity: 4/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 10/12/2013.
Identifiers: 2898785, BID-64115, BID-64117, BID-64119, BID-64120, BID-64123, BID-64124, BID-64126, CERTA-2013-AVI-663, CVE-2013-5045, CVE-2013-5046, CVE-2013-5047, CVE-2013-5048, CVE-2013-5049, CVE-2013-5051, CVE-2013-5052, MS13-097, VIGILANCE-VUL-13926, ZDI-13-271, ZDI-13-272, ZDI-13-273.

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

An attacker can escalate his privileges. [severity:2/4; BID-64115, CVE-2013-5045]

An attacker can escalate his privileges. [severity:2/4; BID-64120, CVE-2013-5046]

An attacker can generate a memory corruption in CMarkup::Insert, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-64117, CVE-2013-5047, ZDI-13-272]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-64119, CVE-2013-5048, ZDI-13-271]

An attacker can generate a memory corruption in CObjectElement, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-64123, CVE-2013-5049, ZDI-13-273]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-64124, CVE-2013-5051]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-64126, CVE-2013-5052]

vulnerability bulletin CVE-2013-5331 CVE-2013-5332

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Adobe Flash Player.
Impacted products: Flash Player, IE, openSUSE, RHEL, SUSE Linux Enterprise Desktop.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 10/12/2013.
Identifiers: 2755801, APSB13-28, BID-64199, BID-64201, CERTA-2013-AVI-660, CVE-2013-5331, CVE-2013-5332, openSUSE-SU-2013:1898-1, openSUSE-SU-2013:1915-1, RHSA-2013:1818-01, SUSE-SU-2013:1896-1, VIGILANCE-VUL-13923.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-64199, CVE-2013-5331]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:4/4; BID-64201, CVE-2013-5332]

vulnerability alert CVE-2013-5329 CVE-2013-5330

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Adobe Flash Player.
Impacted products: Flash Player, IE, openSUSE, RHEL, SUSE Linux Enterprise Desktop.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 13/11/2013.
Identifiers: 2755801, APSB13-26, BID-63680, BID-63683, CERTA-2013-AVI-636, CVE-2013-5329, CVE-2013-5330, openSUSE-SU-2013:1717-1, openSUSE-SU-2013:1737-1, RHSA-2013:1518-01, SUSE-SU-2013:1716-1, VIGILANCE-VUL-13771, ZDI-13-275.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-63683, CVE-2013-5329]

An attacker can generate a memory corruption via AVM2, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; BID-63680, CVE-2013-5330, ZDI-13-275]