CVE-2014-1777
published 2014-06-11CVE-2014-1777: Microsoft Internet Explorer 10 and 11 allows remote attackers to read local files on the client via a crafted web site, aka "Internet Explorer Information…
PriorityP335medium4.3CVSS 2.0
AVNACMAuNCPINAN
EXPLOIT
EPSS
20.95%
97.2th percentile
Microsoft Internet Explorer 10 and 11 allows remote attackers to read local files on the client via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Talos
Microsoft Update Tuesday June 2014: Internet Explorer, Internet Explorer, Internet Explorer
blogs_talos·2014-06-10·CVSS 5.1
[MEDIUM] Microsoft Update Tuesday June 2014: Internet Explorer, Internet Explorer, Internet Explorer
## Microsoft Update Tuesday June 2014: Internet Explorer, Internet Explorer, Internet Explorer
Once again it’s time for Microsoft’s Update Tuesday and this time it’s almost all about Internet Explorer. We had a bit of a lull in the past months with respect to IE vulnerabilities, especially due to the out-of-band patch that Microsoft released last month, which delayed some of the regularly scheduled fixes. However, this month more than makes up for it: we have a total of seven advisories this month, fixing 66 vulnerabilities, 59 of which are in IE.
There are two advisories that are marked as critical:
The first critical bulletin is MS14-035 and is the IE bulletin that covers 59 total vulnerabilities. Of these 59 vulnerabilities, two are information disclosure issues: CVE-2014-1777 and CV
Talos
Microsoft Update Tuesday June 2014: Internet Explorer, Internet Explorer, Internet Explorer
blogs_talos·2014-06-10·CVSS 5.1
[MEDIUM] Microsoft Update Tuesday June 2014: Internet Explorer, Internet Explorer, Internet Explorer
Once again it’s time for Microsoft’s Update Tuesday and this time it’s almost all about Internet Explorer. We had a bit of a lull in the past months with respect to IE vulnerabilities, especially due to the out-of-band patch that Microsoft released last month, which delayed some of the regularly scheduled fixes. However, this month more than makes up for it: we have a total of seven advisories this month, fixing 66 vulnerabilities, 59 of which are in IE.
There are two advisories that are marked as critical:
The first critical bulletin is MS14-035 and is the IE bulletin that covers 59 total vulnerabilities. Of these 59 vulnerabilities, two are information disclosure issues: CVE-2014-1777 and CVE-2014-1771. The last vulnerability was publicly known and is a TLS renegotiation vulnerability
Bugzilla
CVE-2014-0243 check-mk: arbitrary file disclosure flaw as root
bugzilla·2014-05-27·CVSS 5.5
CVE-2014-0243 [MEDIUM] CVE-2014-0243 check-mk: arbitrary file disclosure flaw as root
CVE-2014-0243 check-mk: arbitrary file disclosure flaw as root
LSE Leading Security Experts GmbH discovered that the Check_MK agent (Nagios plugin) processed files from the /var/lib/check_mk_agent/job directory which had 1777 permissions. The mk-job program did not check whether any files in this directory where symbolic or hard links. Due to the permissions of this directory, any user could add a symbolic or hard link to any file on the filesystem, and because the Check_MK agent ran as the root user, it could expose arbitrary files via the agent, which exposes all the contents of this directory on TCP port 6556 by default.
This can be worked-around by setting mode 0755 on /var/lib/check_mk_agent/job (removing the sticky bit).
This is described in the upstream bug report [1] and fixed i
http://www.securityfocus.com/bid/67869http://www.securitytracker.com/id/1030370https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035http://www.securityfocus.com/bid/67869http://www.securitytracker.com/id/1030370https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035
2014-06-11
Published