Microsoft Internet Explorer vulnerabilities

CVE-2014-1803 [CRITICAL] CVE-2014-1803: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0282, CVE-2014-1775, CVE-2014-1779, CVE-2014-1799, and CVE-2014-2757.

CVE-2014-1779 [CRITICAL] CVE-2014-1779: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0282, CVE-2014-1775, CVE-2014-1799, CVE-2014-1803, and CVE-2014-2757.

CVE-2014-2775 [CRITICAL] CVE-2014-2775: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE

CVE-2014-1802 [CRITICAL] CVE-2014-1802: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1772, CVE-2014-1780, CVE-2014-1794, CVE-2014-1797, CVE-2014-2756, CVE-2014-2763, CVE-2014-2764, CVE-2

CVE-2014-1769 [CRITICAL] CWE-94 CVE-2014-1769: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1782, CVE-2014-1785, CVE-2014-2753, CVE-2014-2755, CVE-2014-2760, CVE-2014-2761, CVE-2014-2772, and C

CVE-2014-1795 [CRITICAL] CVE-2014-1795: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE

CVE-2014-2777 [HIGH] CVE-2014-2777: Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary web script wit Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary web script with increased privileges via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-1778.

CVE-2014-1778 [MEDIUM] CWE-264 CVE-2014-1778: Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary web script wit Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary web script with increased privileges via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-2777.

CVE-2014-1777 [MEDIUM] CWE-200 CVE-2014-1777: Microsoft Internet Explorer 10 and 11 allows remote attackers to read local files on the client via Microsoft Internet Explorer 10 and 11 allows remote attackers to read local files on the client via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."

CVE-2014-1771 [MEDIUM] CWE-310 CVE-2014-1771: SChannel in Microsoft Internet Explorer 6 through 11 does not ensure that a server's X.509 certifica SChannel in Microsoft Internet Explorer 6 through 11 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack," aka "TLS Server Certificate Renegotiation Vulnerabil

CVE-2014-1770 [CRITICAL] CWE-399 CVE-2014-1770: Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function.

CVE-2014-1815 [CRITICAL] CVE-2014-1815: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as exploited in the wild in May 2014, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0310.

CVE-2014-0310 [CRITICAL] CWE-119 CVE-2014-0310: Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1815.

CVE-2014-1764 [CRITICAL] CWE-264 CVE-2014-1764: Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypas Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "object confusion" in a broker process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.

CVE-2014-1766 [CRITICAL] CWE-119 CVE-2014-1766: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014. NOTE: the original disclosure referred to triggering a kernel bug with the Internet

CVE-2014-1763 [CRITICAL] CWE-399 CVE-2014-1763: Use-after-free vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to Use-after-free vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.

CVE-2014-1776 [CRITICAL] CWE-416 CVE-2014-1776: Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014. NOTE: this issue originally emphasized VGX.DLL, but Microsoft clari

CVE-2014-1762 [HIGH] CVE-2014-1762: Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to exe Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism via unknown vectors, as demonstrated by ZDI during a Pwn4Fun competition at CanSecWest 2014.

CVE-2014-1765 [HIGH] CWE-399 CVE-2014-1765: Multiple use-after-free vulnerabilities in Microsoft Internet Explorer 6 through 11 allow remote att Multiple use-after-free vulnerabilities in Microsoft Internet Explorer 6 through 11 allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014.

CVE-2014-1753 [CRITICAL] CWE-119 CVE-2014-1753: Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."