Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10010
HistoryJun 10, 2014 - 12:00 a.m.

KLA10010 Multiple vulnerabilities at Microsoft Internet Explorer

2014-06-1000:00:00
Kaspersky Lab
threats.kaspersky.com
74

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.968 High

EPSS

Percentile

99.7%

JSON

Detect date:

06/10/2014

Severity:

Critical

Description:

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer versions 6-11. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass a sandbox protection mechanism, obtain sensitive information, modify TLS session data or read local files.

Affected products:

Microsoft Internet Explorer versions from 6 to 11.

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

Microsoft bulletin
CVE-2014-1800
CVE-2014-1799
CVE-2014-1803
CVE-2014-1802
CVE-2014-1805
CVE-2014-1804
CVE-2014-2754
CVE-2014-2753
CVE-2014-2756
CVE-2014-2755
CVE-2014-2777
CVE-2014-1779
CVE-2014-1778
CVE-2014-1777
CVE-2014-1775
CVE-2014-1783
CVE-2014-1782
CVE-2014-1781
CVE-2014-1780
CVE-2014-2776
CVE-2014-2775
CVE-2014-1785
CVE-2014-1784
CVE-2014-2771
CVE-2014-2770
CVE-2014-2769
CVE-2014-2768
CVE-2014-2772
CVE-2014-2773
CVE-2014-2782
CVE-2014-2759
CVE-2014-1794
CVE-2014-1795
CVE-2014-1791
CVE-2014-1792
CVE-2014-1789
CVE-2014-1790
CVE-2014-1786
CVE-2014-1788
CVE-2014-1796
CVE-2014-1797
CVE-2014-0282
CVE-2014-1762
CVE-2014-1764
CVE-2014-1766
CVE-2014-1769
CVE-2014-1770
CVE-2014-1771
CVE-2014-1772
CVE-2014-1773
CVE-2014-2763
CVE-2014-2764
CVE-2014-2765
CVE-2014-2757
CVE-2014-2758
CVE-2014-1774
CVE-2014-2760
CVE-2014-2761
CVE-2014-2766
CVE-2014-2767

Impacts:

ACE

Related products:

Microsoft Internet Explorer

CVE-IDS:

CVE-2014-18009.3Critical
CVE-2014-17999.3Critical
CVE-2014-18039.3Critical
CVE-2014-18029.3Critical
CVE-2014-18059.3Critical
CVE-2014-18049.3Critical
CVE-2014-27549.3Critical
CVE-2014-27539.3Critical
CVE-2014-27569.3Critical
CVE-2014-27559.3Critical
CVE-2014-27777.5Critical
CVE-2014-17799.3Critical
CVE-2014-17786.8High
CVE-2014-17774.3Warning
CVE-2014-17759.3Critical
CVE-2014-17839.3Critical
CVE-2014-17829.3Critical
CVE-2014-17819.3Critical
CVE-2014-17809.3Critical
CVE-2014-27769.3Critical
CVE-2014-27759.3Critical
CVE-2014-17859.3Critical
CVE-2014-17849.3Critical
CVE-2014-27719.3Critical
CVE-2014-27709.3Critical
CVE-2014-27699.3Critical
CVE-2014-27689.3Critical
CVE-2014-27729.3Critical
CVE-2014-27739.3Critical
CVE-2014-27829.3Critical
CVE-2014-27599.3Critical
CVE-2014-17949.3Critical
CVE-2014-17959.3Critical
CVE-2014-17919.3Critical
CVE-2014-17929.3Critical
CVE-2014-17899.3Critical
CVE-2014-17909.3Critical
CVE-2014-17869.3Critical
CVE-2014-17889.3Critical
CVE-2014-17969.3Critical
CVE-2014-17979.3Critical
CVE-2014-02829.3Critical
CVE-2014-17627.5Critical
CVE-2014-17669.3Critical
CVE-2014-17699.3Critical
CVE-2014-17709.3Critical
CVE-2014-17716.8High
CVE-2014-17729.3Critical
CVE-2014-17739.3Critical
CVE-2014-27639.3Critical
CVE-2014-27649.3Critical
CVE-2014-27659.3Critical
CVE-2014-27579.3Critical
CVE-2014-27589.3Critical
CVE-2014-17749.3Critical
CVE-2014-27609.3Critical
CVE-2014-27619.3Critical
CVE-2014-27669.3Critical
CVE-2014-27679.3Critical

Microsoft official advisories:

KB list:

2963950
2969262
2957689

Exploitation:

Public exploits exist for this vulnerability.

References

Related

nessus 2
mskb 1
openvas 1
cve 56
prion 57
securityvulns 3
zdi 25
checkpoint_advisories 12
symantec 36
zdt 3
thn 2
packetstorm 1
nessus
nessus
MS14-035: Cumulative Security Update for Internet Explorer (2969262)
2014-06-11 00:00:00
Microsoft Internet Explorer 8 CMarkup Use-After-Free Remote Code Execution
2014-05-22 00:00:00
mskb
mskb
MS14-035: Cumulative security update for Internet Explorer: June 10, 2014
2014-06-10 00:00:00
openvas
openvas
Microsoft Internet Explorer Multiple Vulnerabilities (2969262)
2014-06-11 00:00:00
cve
cve
CVE-2014-2782
2014-06-19 10:50:00
CVE-2014-1795
2014-06-11 04:56:00
CVE-2014-2765
2014-06-11 04:56:00
prion
prion
Memory corruption
2014-06-11 04:56:00
Memory corruption
2014-06-11 04:56:00
Memory corruption
2014-06-11 04:56:00
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2014-07-21 00:00:00
VUPEN Security Research - Microsoft Internet Explorer "Request" Object Confusion Sandbox Bypass (Pwn2Own 2014)
2014-07-21 00:00:00
VUPEN Security Research - Microsoft Internet Explorer "ShowSaveFileDialog()" Sandbox Bypass (Pwn2Own 2014)
2014-07-21 00:00:00
zdi
zdi
Microsoft Internet Explorer textContent Heap Buffer Overflow Remote Code Execution Vulnerability
2014-06-11 00:00:00
Microsoft Internet Explorer CTreePos Use-After-Free Remote Code Execution Vulnerability
2014-06-11 00:00:00
(Pwn2Own) Microsoft Internet Explorer CDispNodeBase Use-After-Free Remote Code Execution Vulnerability
2014-06-11 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Internet Explorer Memory Corruption (MS14-035: CVE-2014-1800)
2014-06-10 00:00:00
Microsoft Internet Explorer Memory Corruption (MS14-035; CVE-2014-1795)
2014-06-10 00:00:00
Microsoft Internet Explorer Memory Corruption (MS14-035; CVE-2014-1804)
2014-06-10 00:00:00
symantec
symantec
Microsoft Internet Explorer CVE-2014-1800 Remote Memory Corruption Vulnerability
2014-06-10 00:00:00
Microsoft Internet Explorer CVE-2014-2772 Remote Memory Corruption Vulnerability
2014-06-10 00:00:00
Microsoft Internet Explorer CVE-2014-1778 Remote Privilege Escalation Vulnerability
2014-06-10 00:00:00
zdt
zdt
Internet Explorer 8 MS14-035 Use-After-Free Exploit
2014-11-10 00:00:00
Microsoft Internet Explorer 11 MSHTML - CSplice­Tree­Engine::Remove­Splice Use-After-Free (MS14-035)
2016-12-21 00:00:00
Internet Explorer 8, 9, 10 - CInput Use-After-Free (MS14-035) - Crash PoC
2014-06-30 00:00:00
thn
thn
Microsoft to Patch Critical Internet Explorer Zero-Day Vulnerability Next Tuesday
2014-06-05 20:52:00
Exploit-Selling Firm Kept Internet Explorer Zero-Day Vulnerability Hidden for 3 Years
2014-07-24 03:57:00
packetstorm
packetstorm
Internet Explorer 8 MS14-035 Use-After-Free
2014-11-11 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.968 High

EPSS

Percentile

99.7%

JSON
Related for KLA10010
nessus2mskb1openvas1cve56prion57securityvulns3zdi25checkpoint_advisories12symantec36zdt3thn2packetstorm1