28 matches found
EUVD-2014-1378
Malware in sbrugna...
SUSE CVE-2014-0506
Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remo...
SUSE CVE-2014-1300
Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote attackers to execute arbitrary code with root privileges via unknown vectors, as demonstrated by Google during a Pwn4Fun competition at CanSecWest 2014...
CVE-2014-1764
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "object confusion" in a broker process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014...
CVE-2014-1766
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014. NOTE: the original disclosure...
Design/Logic Flaw
Use-after-free vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014...
Design/Logic Flaw
Multiple use-after-free vulnerabilities in Microsoft Internet Explorer 6 through 11 allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014...
Memory corruption
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014. NOTE: the original disclosure...
Design/Logic Flaw
Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism via unknown vectors, as demonstrated by ZDI during a Pwn4Fun competition at CanSecWest 2014...
CVE-2014-1764
CVE-2014-1764 affects Microsoft Internet Explorer 7–11. The issue is an object confusion vulnerability in the data exchanged between the broker and sandboxed processes, allowing a sandboxed process to execute code in the broker context and bypass IE Protected Mode. This can lead to remote code ex...
CVE-2014-1765
CVE-2014-1765 refers to multiple use-after-free vulnerabilities in Microsoft Internet Explorer (IE) versions 6–11 that can lead to remote code execution when a user visits a malicious page or when a crafted document is opened. The ZDI advisories (ZDI-14-261 and ZDI-14-223) describe concrete use-a...
CVE-2014-1766
CVE-2014-1766 affects Microsoft Internet Explorer 9–11. The issue enables remote code execution/memory corruption via a crafted web page, as demonstrated by researchers during Pwn2Own. The public-facing fix is MS14-035 (security update for Internet Explorer), with related patches such as KB296926...
CVE-2014-1762
Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism via unknown vectors, as demonstrated by ZDI during a Pwn4Fun competition at CanSecWest 2014...
CVE-2014-1766
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014. NOTE: the original disclosure...
CVE-2014-1763
CVE-2014-1763 is a use-after-free vulnerability in Microsoft Internet Explorer 9–11 exploited via CSS handling (notably CSS @import) that could allow remote code execution. ZDI-14-217 documents a CSS memory corruption flaw in IE10/IE11/IE9, demonstrated by VUPEN during Pwn2Own 2014, with remote e...
flash-plugin: two flaws leading to code execution (APSB14-09)
Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remo...
Heap overflow
Heap-based buffer overflow in Adobe Reader 11.0.06 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014...
CVE-2014-0506
Technical details about CVE-2014-0506 are not publicly provided in the supplied documents. The sources reference the vulnerability but do not include specifics on impact, affected products beyond Flash Player/AIR, or remediation. Monitor for updates.
CVE-2014-0510
CVE-2014-0510 involves a heap-based buffer overflow in Adobe Flash Player 12.0.0.77. The issue allows remote code execution and can bypass sandbox protections via unspecified vectors, as demonstrated by researchers during a Pwn2Own/CanSecWest 2014 event. Affected product is Flash Player (version...
CVE-2014-0511
CVE-2014-0511 is a heap-based buffer overflow affecting Adobe Reader/Acrobat XI 11.0.06 and earlier (and Acrobat/Reader X 10.1.9 and earlier per advisories). Root cause cited in the VUPEN overview: a heap overflow when processing barcode element fields (width/height) in a PDF, enabling arbitrary ...