CVE-2014-2783Microsoft Internet Explorer vulnerability

CWE-2645 documents3 sources
Severity
6.4MEDIUMNVD
EPSS
7.7%
top 8.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedJul 8
Latest updateMay 14

Description

Microsoft Internet Explorer 7 through 11 does not prevent use of wildcard EV SSL certificates, which might allow remote attackers to spoof a trust level by leveraging improper issuance of a wildcard certificate by a recognized Certification Authority, aka "Extended Validation (EV) Certificate Security Feature Bypass Vulnerability."

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

NVDmicrosoft/internet_explorer5 versions+4

🔴Vulnerability Details

1
GHSA
GHSA-6jw4-77j4-vh6j: Microsoft Internet Explorer 7 through 11 does not prevent use of wildcard EV SSL certificates, which might allow remote attackers to spoof a trust lev2022-05-14

🕵️Threat Intelligence

3
Talos
Microsoft Update Tuesday August 2014: Media Center and Internet Explorer2014-08-12
Talos
Microsoft Update Tuesday August 2014: Media Center and Internet Explorer2014-08-12
Talos
Microsoft Update Tuesday July 2014: light month, mostly Internet Explorer2014-07-08
CVE-2014-2783 — Microsoft vulnerability | cvebase