CVE-2014-4096
Published 2014-09-10
Priority P352 · critical · 9.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 15.99% (96.5th percentile)
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4087, CVE-2014-4095, and CVE-2014-4101.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
CVSS provenance
nvd · v2.0 · 9.3 CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat · 7.1 HIGH
GHSA
GHSA-3gq8-c4x9-x9rh
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2014-4101 [CRITICAL] CWE-119
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4087, CVE-2014-4095, and CVE-2014-4096.
GHSA
GHSA-v53v-93hv-wcjv
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2014-4096 [CRITICAL] CWE-119
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4087, CVE-2014-4095, and CVE-2014-4101.
GHSA
GHSA-whxp-g4qm-8ppv
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2014-4087 [CRITICAL] CWE-119
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4095, CVE-2014-4096, and CVE-2014-4101.
GHSA
GHSA-f749-7f34-9fpm
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2014-4095 [CRITICAL] CWE-119
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4087, CVE-2014-4096, and CVE-2014-4101.
No detection rules found.
Exploit-DB
K7 Computing (Multiple Products) - Arbitrary Write Privilege Escalation
exploitdb·2015-02-04·CVSS 7.2
CVE-2014-9643 [HIGH]
---
/*
Exploit Title - K7 Computing Multiple Products Arbitrary Write Privilege Escalation
Date - 04th February 2015
Discovered by - Parvez Anwar (@parvezghh)
Vendor Homepage - http://www.k7computing.co.uk/
Tested Version - 14.2.0.240
Driver Version - 12.8.0.104 - K7Sentry.sys
Tested on OS - 32bit Windows XP SP3
OSVDB - http://www.osvdb.org/show/osvdb/113007
CVE ID - CVE-2014-9643
Vendor fix url - none
Fixed version - 14.2.0.253
Fixed driver ver - 12.8.0.118
*/
#include
#include
#define INBUFSIZE 4
#define BUFSIZE 4096
typedef struct _SYSTEM_MODULE_INFORMATION_ENTRY {
PVOID Unknown1;
PVOID Unknown2;
PVOID Base;
ULONG Size;
ULONG Flags;
USHORT Index;
USHORT NameLength;
USHORT LoadCount;
USHORT PathLength;
CHAR
Exploit-DB
Trend Micro 8.0.1133 (Multiple Products) - Local Privilege Escalation
exploitdb·2015-01-31·CVSS 7.2
CVE-2014-9641 [HIGH]
---
/*
Exploit Title - Trend Micro Multiple Products Arbitrary Write Privilege Escalation
Date - 31st January 2015
Discovered by - Parvez Anwar (@parvezghh)
Vendor Homepage - http://www.trendmicro.co.uk/
Tested Version - 8.0.1133
Driver Version - 2.0.0.1009 - tmeext.sys
Tested on OS - 32bit Windows XP SP3
OSVDB - http://www.osvdb.org/show/osvdb/115514
CVE ID - CVE-2014-9641
Vendor fix url - http://esupport.trendmicro.com/solution/en-US/1106233.aspx
Fixed version - 8.0.1133
Fixed driver ver - 2.0.0.1015
*/
#include
#include
#define BUFSIZE 4096
typedef struct _SYSTEM_MODULE_INFORMATION_ENTRY {
PVOID Unknown1;
PVOID Unknown2;
PVOID Base;
ULONG Size;
ULONG Flags;
USHORT Index;
USHORT NameLength;
USHORT LoadCount;
Exploit-DB
ActualAnalyzer - 'ant' Cookie Command Execution (Metasploit)
exploitdb·2014-12-16
CVE-2014-5470
---
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 "ActualAnalyzer 'ant' Cookie Command Execution",
'Description' => %q{
This module exploits a command execution vulnerability in
ActualAnalyzer version 2.81 and prior.
The 'aa.php' file allows unauthenticated users to
execute arbitrary commands in the 'ant' cookie.
},
'License' => MSF_LICENSE,
'Author' =>
[
'Benjamin Harris', # Discovery and exploit
'Brendan Coles ' # Metasploit
],
'References' =>
[
['EDB', '34450'],
['OSVDB', '110601']
],
'Payload' =>
{
'Space' => 4096, # HTTP cookie
'DisableNops' => true,
'BadChars' => "\x00"
},
'Arch' => ARCH_CMD,
Bugzilla
CVE-2014-3537 cups: insufficient checking leads to privilege escalation
bugzilla·2014-07-02·CVSS 1.2
CVE-2014-3537 [LOW]
It was discovered that a local user with privileges of group=lp can write symbolic links in the rss directory and use that to gain '@SYSTEM' group privilege with cupsd.
Permissions:
drwxrwxr-x. 2 root lp 4096 Jul 2 09:58 /var/cache/cups/rss
SELinux mitigates this vulnerability
Discussion:
Acknowledgment:
This issue was discovered by Francisco Alonso of the Red Hat Security Response Team.
---
Statement:
This issue is not planned to be fixed in Red Hat Enterprise Linux 5 as it is now in Production 3 Phase of the support and maintenance life cycle, https://access.redhat.com/support/policy/updates/errata/
---
Patch for symlink: https://cups.org/strfiles.php/3363/str4450.patch
Fixed In: 2.0-current (SVN: r11993)
Bugzilla
CVE-2014-3209 ldns: ldns-keygen generates keys with world readable permissions
bugzilla·2014-05-03·CVSS 2.1
CVE-2014-3209 [LOW]
Jonas Smedegaard reports:
The ldns-keygen tool creates a keypair, one of which should be kept
private. The tool apparently uses default access rights for all files,
leading to the private key being created world readable.
====
This has been confirmed:
# ldns-keygen -a RSASHA1_NSEC3 -b 1024 example.net
Kexample.net.+007+63434
# ls -la
total 20
drwxr-xr-x. 2 root root 4096 May 3 11:34 .
dr-xr-x---. 11 root root 4096 May 3 11:34 ..
-rw-r--r--. 1 root root 70 May 3 11:34 Kexample.net.+007+63434.ds
-rw-r--r--. 1 root root 242 May 3 11:34 Kexample.net.+007+63434.key
-rw-r--r--. 1 root root 943 May 3 11:34 Kexample.net.+007+63434.private
External references:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=74675
http://www.securityfocus.com/bid/69601
http://www.securitytracker.com/id/1030818
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052
https://exchange.xforce.ibmcloud.com/vulnerabilities/95526
Published: 2014-09-10