CVE-2014-0284
published 2014-02-12
CVE-2014-0284: Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site…
Priority P351 · critical · 9.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 24.71% (97.6th percentile)
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
CVSS provenance
nvd · v2.0 · 9.3 · CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat · 3.5 · LOW
GHSA
GHSA-c737-m6vw-r2j8: Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted
ghsa_unreviewed·2022-05-14
CVE-2014-0284 [HIGH] CWE-119 GHSA-c737-m6vw-r2j8: Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Red Hat
Satellite: stored XSS in user details fields (incomplete fix for CVE-2014-7811)
vendor_redhat·2015-03-03·CVSS 3.5
CVE-2015-0284 [LOW] CWE-79 Satellite: stored XSS in user details fields (incomplete fix for CVE-2014-7811)
Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7811.
A cross-site scripting (XSS) flaw was found in how XML data was handled in Red Hat Satellite. A user able to use the XMLRPC API could exploit this flaw to perform XSS attacks against other Satellite users.
Package: Server (Red Hat Satellite 5.6) - Will not fix
No detection rules found.
No public exploits indexed.
Zscaler
Zscaler found Multiple Security Vulnerabilities | 02-11-2014
blogs_zscaler
Bugzilla
(CVE-2015-0284) Red Hat Satellite: stored XSS in user details fields (incomplete fix for CVE-2014-7811)
bugzilla·2016-03-04·CVSS 3.5
CVE-2015-0284 [LOW] (CVE-2015-0284) Red Hat Satellite: stored XSS in user details fields (incomplete fix for CVE-2014-7811)
Jan Hutař reports:
There is a stored XSS vulnerability in the user details field in Satellite server; it can be exploited by using the REST API to send XML data containing malformed data.
Discussion:
*** This bug has been marked as a duplicate of bug 1181152 ***
Bugzilla
CVE-2015-0284 Red Hat Satellite: stored XSS in user details fields (incomplete fix for CVE-2014-7811)
bugzilla·2015-01-13·CVSS 3.5
CVE-2015-0284 [LOW] CVE-2015-0284 Red Hat Satellite: stored XSS in user details fields (incomplete fix for CVE-2014-7811)
Jan Hutař reports:
There is a stored XSS vulnerability in the user details field in Satellite server; it can be exploited by using the XMLRPC API to send XML data containing malformed data.
Discussion:
*** Bug 1315398 has been marked as a duplicate of this bug. ***
---
External reference:
spacewalk git dd418384171473c3e31386a1b4792f8c555dc744
spacewalk git f3792c79c1c251a49cc4e382be8591636326a794
---
Acknowledgments:
Name: Jan Hutař (Red Hat)
---
This issue has been addressed in the following products:
Red Hat Satellite 5.7
Via RHSA-2016:0590 https://rhn.redhat.com/errata/RHSA-2016-0590.html
http://osvdb.org/103182
http://secunia.com/advisories/56796
http://www.securityfocus.com/bid/65383
http://www.securitytracker.com/id/1029741
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010
https://exchange.xforce.ibmcloud.com/vulnerabilities/90774
Published: 2014-02-12