CVE-2014-4091
published 2014-09-10CVE-2014-4091: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web…
PriorityP350critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
15.99%
96.5th percentile
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4080, CVE-2014-4089, and CVE-2014-4102.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-jg75-whqv-jmf9: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2014-4089 [CRITICAL] CWE-119 GHSA-jg75-whqv-jmf9: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4080, CVE-2014-4091, and CVE-2014-4102.
GHSA
GHSA-8cm8-wxvc-jh59: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2014-4080 [CRITICAL] CWE-119 GHSA-8cm8-wxvc-jh59: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4089, CVE-2014-4091, and CVE-2014-4102.
GHSA
GHSA-2wrq-8v99-jmf7: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2014-4102 [CRITICAL] CWE-119 GHSA-2wrq-8v99-jmf7: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4080, CVE-2014-4089, and CVE-2014-4091.
GHSA
GHSA-jj7w-f4w9-4fw7: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2014-4091 [CRITICAL] CWE-119 GHSA-jj7w-f4w9-4fw7: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4080, CVE-2014-4089, and CVE-2014-4102.
Suricata
ET WEB_SERVER Apache Tomcat Boundary Overflow DOS/File Upload Attempt
suricata·2014-02-12
CVE-2014-0050 ET WEB_SERVER Apache Tomcat Boundary Overflow DOS/File Upload Attempt
ET WEB_SERVER Apache Tomcat Boundary Overflow DOS/File Upload Attempt
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Apache Tomcat Boundary Overflow DOS/File Upload Attempt"; flow:established,to_server; http.method; content:"POST"; content:"Content-Type|3a|"; nocase; pcre:"/^[^\r\n]*?boundary\s*?=\s*?[^\r\n]/Ri"; isdataat:4091,relative; content:!"|0A|"; within:4091; http.header; content:"multipart/form-data"; fast_pattern; reference:url,blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html; reference:cve,2014-0050; classtype:web-application-attack; sid:2018113; rev:4; metadata:created_at 2014_02_12, cve CVE_2014_0050, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_09_22;)
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/69598http://www.securitytracker.com/id/1030818https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052https://exchange.xforce.ibmcloud.com/vulnerabilities/95521http://www.securityfocus.com/bid/69598http://www.securitytracker.com/id/1030818https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052https://exchange.xforce.ibmcloud.com/vulnerabilities/95521
2014-09-10
Published