Vulnerabilites related to microsoft - internet_explorer
Vulnerability from fkie_nvd
Published
2014-02-12 04:50
Modified
2024-11-21 02:01
Severity ?
Summary
Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0278 and CVE-2014-0279.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | internet_explorer | 8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*", "matchCriteriaId": "A52E757F-9B41-43B4-9D67-3FEDACA71283", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0278 and CVE-2014-0279." }, { "lang": "es", "value": "Microsoft Internet Explorer 8 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un sitio web manipulado, tambi\u00e9n conocido como \"Internet Explorer Memory Corruption Vulnerability,\" una vulnerabilidad diferente a CVE-2014-0278 y CVE-2014-0279." } ], "id": "CVE-2014-0277", "lastModified": "2024-11-21T02:01:48.003", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-02-12T04:50:40.327", "references": [ { "source": "secure@microsoft.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2" }, { "source": "secure@microsoft.com", "url": "http://osvdb.org/103176" }, { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/56796" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/65376" }, { "source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id/1029741" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90767" }, { "source": "secure@microsoft.com", "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/103176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/56796" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/65376" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1029741" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-010" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90767" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-05-21 23:15
Modified
2024-11-21 05:09
Severity ?
Summary
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1092.
References
▼ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1062 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1062 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | internet_explorer | 9 | |
microsoft | windows_server_2008 | - | |
microsoft | internet_explorer | 11 | |
microsoft | windows_10 | - | |
microsoft | windows_10 | 1607 | |
microsoft | windows_10 | 1709 | |
microsoft | windows_10 | 1803 | |
microsoft | windows_10 | 1809 | |
microsoft | windows_10 | 1903 | |
microsoft | windows_10 | 1909 | |
microsoft | windows_7 | - | |
microsoft | windows_8.1 | - | |
microsoft | windows_rt_8.1 | - | |
microsoft | windows_server_2008 | r2 | |
microsoft | windows_server_2012 | - | |
microsoft | windows_server_2012 | r2 | |
microsoft | windows_server_2016 | - | |
microsoft | windows_server_2019 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "matchCriteriaId": "C043EDDD-41BF-4718-BDCF-158BBBDB6360", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*", "matchCriteriaId": "D7809F78-8D56-4925-A8F9-4119B973A667", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "matchCriteriaId": "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka \u0027Internet Explorer Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-1092." }, { "lang": "es", "value": "Existe una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota cuando Internet Explorer accede inapropiadamente a objetos en memoria, tambi\u00e9n se conoce como \"Internet Explorer Memory Corruption Vulnerability\". Este ID de CVE es diferente de CVE-2020-1092." } ], "id": "CVE-2020-1062", "lastModified": "2024-11-21T05:09:40.100", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-05-21T23:15:12.507", "references": [ { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1062" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1062" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-09-09 00:59
Modified
2024-11-21 02:27
Severity ?
Summary
Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | edge | - | |
microsoft | internet_explorer | 10 | |
microsoft | internet_explorer | 11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*", "matchCriteriaId": "77D197D7-57FB-4898-8C70-B19D5F0D5BE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "matchCriteriaId": "D5808661-A082-4CBE-808C-B253972487B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*", "matchCriteriaId": "D7809F78-8D56-4925-A8F9-4119B973A667", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Memory Corruption Vulnerability.\"" }, { "lang": "es", "value": "Vulnerabilidad en Microsoft Internet Explorer 10 y 11 y Microsoft Edge, permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un sitio web manipulado, tambi\u00e9n conocida como \u0027Memory Corruption Vulnerability.\u0027" } ], "id": "CVE-2015-2542", "lastModified": "2024-11-21T02:27:34.567", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-09-09T00:59:49.253", "references": [ { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/76571" }, { "source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id/1033487" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-094" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-095" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/76571" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1033487" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-094" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-095" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
1999-11-01 05:00
Modified
2024-11-20 23:28
Severity ?
Summary
Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. Also applies to Outlook when the client views a malicious email message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | internet_explorer | 4.0 | |
microsoft | internet_explorer | 5.0 | |
microsoft | word | 97 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:word:97:*:*:*:*:*:*:*", "matchCriteriaId": "645B78F8-9AD7-4707-9CAD-5DC79475D971", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn\u0027t warn the user that the template contains executable content. Also applies to Outlook when the client views a malicious email message." } ], "id": "CVE-1999-0354", "lastModified": "2024-11-20T23:28:30.380", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "1999-11-01T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-002" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
Internet Explorer on Windows XP does not properly modify the "Drag and Drop or copy and paste files" setting when the user sets it to "Disable" or "Prompt," which may enable security-sensitive operations that are inconsistent with the user's intended configuration.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | ie | 6.0 | |
microsoft | ie | 6.0 | |
microsoft | internet_explorer | 6.0 | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:embedded:*:*:*:*:*", "matchCriteriaId": "B95B2BE4-B4E0-4B77-9999-53B9224F5CB1", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "matchCriteriaId": "BC176BB0-1655-4BEA-A841-C4158167CC9B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*", "matchCriteriaId": "403945FA-8676-4D98-B903-48452B46F48F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "matchCriteriaId": "4BF263CB-4239-4DB0-867C-9069ED02CAD7", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*", "matchCriteriaId": "B3BBBB2E-1699-4E1E-81BB-7A394DD6B31D", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:embedded:*:*:*:*:*", "matchCriteriaId": "ADEBB882-1C55-4B7B-B4CF-F1B23502FD90", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "matchCriteriaId": "49693FA0-BF34-438B-AFF2-75ACC8A6D2E6", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*", "matchCriteriaId": "6A05337E-18A5-4939-85A0-69583D9B5AD9", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*", "matchCriteriaId": "E43BBC5A-057F-4BE2-B4BB-6791DDB0B9C1", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*", "matchCriteriaId": "7E439FA5-78BF-41B1-BAEC-C1C94CE86F2E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*", "matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer on Windows XP does not properly modify the \"Drag and Drop or copy and paste files\" setting when the user sets it to \"Disable\" or \"Prompt,\" which may enable security-sensitive operations that are inconsistent with the user\u0027s intended configuration." } ], "id": "CVE-2004-0979", "lastModified": "2024-11-20T23:49:49.400", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/630720" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17820" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/630720" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17820" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-09-11 14:03
Modified
2024-11-21 01:54
Severity ?
Summary
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | internet_explorer | 8 | |
microsoft | internet_explorer | 9 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*", "matchCriteriaId": "A52E757F-9B41-43B4-9D67-3FEDACA71283", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "matchCriteriaId": "C043EDDD-41BF-4718-BDCF-158BBBDB6360", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" }, { "lang": "es", "value": "Microsoft Internet Explorer 8 y 9 permiten a un atacante remoto ejecutar c\u00f3digo a discrecci\u00f3n o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un sitio web manipulado, tambien conocida como \"Vulnerabilidad de Corrupci\u00f3n de Memoria en Internet Explorer\"." } ], "id": "CVE-2013-3845", "lastModified": "2024-11-21T01:54:24.557", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-09-11T14:03:48.203", "references": [ { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/ncas/alerts/TA13-253A" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-069" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18719" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/ncas/alerts/TA13-253A" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-069" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18719" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-05-29 04:00
Modified
2024-11-20 23:38
Severity ?
Summary
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the second variant of the "Content Disposition" vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*", "matchCriteriaId": "3BFFB565-F656-43E3-89E1-E412DC4C9D41", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*", "matchCriteriaId": "BD3A3282-8842-4708-AF7B-0AFBEB5D4F9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the second variant of the \"Content Disposition\" vulnerability." }, { "lang": "es", "value": "Microsoft Internet Explorer 5.01 y 6.0 permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante los campos de cabecera Content-Type y Content-Disposition malformados; lo que hace que la aplicaci\u00f3n que deber\u00eda manejar el fichero falso lo devuelva al sistema operativo en vez levantar un mensaje de error. Tamb\u00eden conocida como segunda variante de la vulnerabilidad de \"Disposici\u00f3n de contenidos\"." } ], "id": "CVE-2002-0188", "lastModified": "2024-11-20T23:38:30.760", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-05-29T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0126.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/9086.php" }, { "source": "cve@mitre.org", "url": "http://www.lac.co.jp/security/english/snsadv_e/48_e.html" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-023" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0126.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/9086.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.lac.co.jp/security/english/snsadv_e/48_e.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-023" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-05-15 03:36
Modified
2024-11-21 01:49
Severity ?
Summary
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1313.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | internet_explorer | 9 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "matchCriteriaId": "C043EDDD-41BF-4718-BDCF-158BBBDB6360", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka \"Internet Explorer Use After Free Vulnerability,\" a different vulnerability than CVE-2013-1313." }, { "lang": "es", "value": "Vulnerabilidad de tipo \"usar despu\u00e9s de liberar\" en Microsoft Internet Explorer v8 hasta v9 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un sitio web malintencionado que genera el acceso a un objeto eliminado, tambi\u00e9n conocido como \"Vulnerabilidad de usar despu\u00e9s de liberar en Internet Explorer\", una vulnerabilidad diferente a CVE-2013-1313." } ], "id": "CVE-2013-1306", "lastModified": "2024-11-21T01:49:19.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-05-15T03:36:33.463", "references": [ { "source": "secure@microsoft.com", "url": "http://blog.skylined.nl/20161208001.html" }, { "source": "secure@microsoft.com", "url": "http://packetstormsecurity.com/files/140092/Microsoft-Internet-Explorer-9-MSHTML-CDispNode-InsertSiblingNode-Use-After-Free.html" }, { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/ncas/alerts/TA13-134A" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-037" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16398" }, { "source": "secure@microsoft.com", "url": "https://www.exploit-db.com/exploits/40894/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blog.skylined.nl/20161208001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/140092/Microsoft-Internet-Explorer-9-MSHTML-CDispNode-InsertSiblingNode-Use-After-Free.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/ncas/alerts/TA13-134A" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-037" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16398" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/40894/" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-10 01:55
Modified
2024-11-21 02:09
Severity ?
Summary
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, and CVE-2014-4111.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 8 | |
microsoft | internet_explorer | 9 | |
microsoft | internet_explorer | 10 | |
microsoft | internet_explorer | 11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*", "matchCriteriaId": "A52E757F-9B41-43B4-9D67-3FEDACA71283", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "matchCriteriaId": "C043EDDD-41BF-4718-BDCF-158BBBDB6360", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "matchCriteriaId": "D5808661-A082-4CBE-808C-B253972487B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*", "matchCriteriaId": "D7809F78-8D56-4925-A8F9-4119B973A667", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, and CVE-2014-4111." }, { "lang": "es", "value": "Microsoft Internet Explorer 6 hasta 11 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un sitio web manipulado, tambi\u00e9n conocido como \u0027vulnerabilidad de corrupci\u00f3n de memoria de Internet Explorer,\u0027 una vulnerabilidad diferente a CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, y CVE-2014-4111." } ], "id": "CVE-2014-4110", "lastModified": "2024-11-21T02:09:31.610", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-09-10T01:55:31.497", "references": [ { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/69616" }, { "source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id/1030818" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/69616" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1030818" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-01-13 05:59
Modified
2024-11-21 02:40
Severity ?
Summary
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | jscript | 5.7 | |
microsoft | jscript | 5.8 | |
microsoft | vbscript | 5.7 | |
microsoft | vbscript | 5.8 | |
microsoft | internet_explorer | 8 | |
microsoft | internet_explorer | 9 | |
microsoft | internet_explorer | 10 | |
microsoft | internet_explorer | 11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:jscript:5.7:*:*:*:*:*:*:*", "matchCriteriaId": "B643637F-3903-4374-85D0-1CAA75E98BE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:jscript:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "67691569-4F51-4021-A318-83A0F9AE64AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:vbscript:5.7:*:*:*:*:*:*:*", "matchCriteriaId": "0061E11D-9293-401A-BA38-85AD0C4A04E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:vbscript:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "1C94EA55-F0DE-4A45-A020-9F7FE2A3745B", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*", "matchCriteriaId": "A52E757F-9B41-43B4-9D67-3FEDACA71283", "vulnerable": false }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "matchCriteriaId": "C043EDDD-41BF-4718-BDCF-158BBBDB6360", "vulnerable": false }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "matchCriteriaId": "D5808661-A082-4CBE-808C-B253972487B4", "vulnerable": false }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*", "matchCriteriaId": "D7809F78-8D56-4925-A8F9-4119B973A667", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability.\"" }, { "lang": "es", "value": "Los motores Microsoft (1) VBScript 5.7 y 5.8 y (2) JScript 5.7 y 5.8, como se utilizan en Internet Explorer 8 hasta la versi\u00f3n 11 y otros productos, permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un sitio web manipulado, tambi\u00e9n conocido como \"Scripting Engine Memory Corruption Vulnerability\"." } ], "id": "CVE-2016-0002", "lastModified": "2024-11-21T02:40:54.770", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-01-13T05:59:01.433", "references": [ { "source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id/1034648" }, { "source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id/1034650" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-001" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-003" }, { "source": "secure@microsoft.com", "url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1215" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034648" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034650" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-001" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-003" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1215" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-06-15 01:29
Modified
2024-11-21 03:34
Severity ?
Summary
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8517 and CVE-2017-8522.
References
▼ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://www.securityfocus.com/bid/98930 | Third Party Advisory, VDB Entry | |
secure@microsoft.com | http://www.securitytracker.com/id/1038673 | Third Party Advisory, VDB Entry | |
secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8524 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98930 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038673 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8524 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | internet_explorer | 11 | |
microsoft | windows_10 | - | |
microsoft | windows_10 | 1511 | |
microsoft | windows_10 | 1607 | |
microsoft | windows_10 | 1703 | |
microsoft | windows_7 | - | |
microsoft | windows_8.1 | - | |
microsoft | windows_rt_8.1 | - | |
microsoft | windows_server_2008 | r2 | |
microsoft | windows_server_2012 | r2 | |
microsoft | windows_server_2016 | - | |
microsoft | edge | - | |
microsoft | windows_10 | - | |
microsoft | windows_10 | 1511 | |
microsoft | windows_10 | 1607 | |
microsoft | windows_10 | 1703 | |
microsoft | windows_server_2016 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*", "matchCriteriaId": "15BAAA8C-7AF1-46CE-9FFB-3A498508A1BF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "matchCriteriaId": "232581CC-130A-4C62-A7E9-2EC9A9364D53", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*", "matchCriteriaId": "77D197D7-57FB-4898-8C70-B19D5F0D5BE0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "matchCriteriaId": "232581CC-130A-4C62-A7E9-2EC9A9364D53", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8517 and CVE-2017-8522." }, { "lang": "es", "value": "Los navegadores de Microsoft en Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows versi\u00f3n 8.1 y Windows RT versi\u00f3n 8.1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607 y 1703, y Windows Server 2016 permiten a un atacante ejecutar c\u00f3digo arbitrario en el contexto de la usuario actual cuando los motores de JavaScript no se procesan cuando se manejan objetos en la memoria en los navegadores de Microsoft, tambi\u00e9n se conoce como \"Scripting Engine Memory Corruption Vulnerability\". Este ID de CVE es diferente de los CVE-2017-8517 y CVE-2017-8522." } ], "id": "CVE-2017-8524", "lastModified": "2024-11-21T03:34:11.400", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-06-15T01:29:04.210", "references": [ { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/98930" }, { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038673" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8524" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/98930" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038673" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8524" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-11-11 07:15
Modified
2024-11-21 05:07
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Scripting Engine Memory Corruption Vulnerability
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | internet_explorer | 11 | |
microsoft | windows_10 | - | |
microsoft | windows_10 | 20h2 | |
microsoft | windows_10 | 1607 | |
microsoft | windows_10 | 1803 | |
microsoft | windows_10 | 1809 | |
microsoft | windows_10 | 1903 | |
microsoft | windows_10 | 1909 | |
microsoft | windows_10 | 2004 | |
microsoft | windows_7 | sp1 | |
microsoft | windows_8.1 | - | |
microsoft | windows_rt_8.1 | - | |
microsoft | windows_server_2008 | r2 | |
microsoft | windows_server_2012 | * | |
microsoft | windows_server_2012 | r2 | |
microsoft | windows_server_2016 | - | |
microsoft | windows_server_2019 | - | |
microsoft | edge | - | |
microsoft | windows_10 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*", "matchCriteriaId": "D7809F78-8D56-4925-A8F9-4119B973A667", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "matchCriteriaId": "9E2C378B-1507-4C81-82F6-9F599616845A", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "matchCriteriaId": "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "matchCriteriaId": "AAE74AF3-C559-4645-A6C0-25C3D647AAC8", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_7:sp1:*:*:*:*:*:*:*", "matchCriteriaId": "84079754-7D44-439C-ADFC-C560945B6DF1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*", "matchCriteriaId": "80EB5690-B20F-457A-A202-FBADAA17E05C", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*", "matchCriteriaId": "77D197D7-57FB-4898-8C70-B19D5F0D5BE0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Scripting Engine Memory Corruption Vulnerability" }, { "lang": "es", "value": "Vulnerabilidad de Corrupci\u00f3n de Memoria del Motor de Scripting" } ], "id": "CVE-2020-17052", "lastModified": "2024-11-21T05:07:43.020", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Secondary" } ] }, "published": "2020-11-11T07:15:16.687", "references": [ { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17052" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17052" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-08-17 19:15
Modified
2024-11-21 05:10
Severity ?
4.2 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input.
An attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
In a HTML editing attack scenario, an attacker could trick a user into editing a specially crafted file that is designed to exploit the vulnerability.
The security update addresses the vulnerability by modifying how MSHTML engine validates input.
References
▼ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1567 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1567 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | internet_explorer | 11 | |
microsoft | windows_10 | - | |
microsoft | windows_10 | - | |
microsoft | windows_10 | 1607 | |
microsoft | windows_10 | 1607 | |
microsoft | windows_10 | 1709 | |
microsoft | windows_10 | 1803 | |
microsoft | windows_10 | 1809 | |
microsoft | windows_10 | 1903 | |
microsoft | windows_10 | 1909 | |
microsoft | windows_10 | 2004 | |
microsoft | windows_7 | - | |
microsoft | windows_8.1 | - | |
microsoft | windows_rt_8.1 | - | |
microsoft | windows_server_2012 | - | |
microsoft | windows_server_2012 | r2 | |
microsoft | windows_server_2016 | * | |
microsoft | windows_server_2019 | - | |
microsoft | internet_explorer | 9 | |
microsoft | windows_server_2008 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*", "matchCriteriaId": "D7809F78-8D56-4925-A8F9-4119B973A667", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "matchCriteriaId": "084984D5-D241-497B-B118-50C6C1EAD468", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "matchCriteriaId": "BA592626-F17C-4F46-823B-0947D102BBD2", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "matchCriteriaId": "897A48D7-FCA1-4560-AFBB-718AF19BA3A2", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "matchCriteriaId": "507EB48C-F479-424C-8ABA-C279AB4FE3F4", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "matchCriteriaId": "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "matchCriteriaId": "AAE74AF3-C559-4645-A6C0-25C3D647AAC8", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF6437F9-6631-49D3-A6C2-62329E278E31", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "matchCriteriaId": "C043EDDD-41BF-4718-BDCF-158BBBDB6360", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input.\nAn attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nIn a HTML editing attack scenario, an attacker could trick a user into editing a specially crafted file that is designed to exploit the vulnerability.\nThe security update addresses the vulnerability by modifying how MSHTML engine validates input.\n" }, { "lang": "es", "value": "Se presenta una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota en la manera en que el motor MSHTML comprueba inapropiadamente la entrada. Un atacante podr\u00eda ejecutar c\u00f3digo arbitrario en el contexto del usuario actual, tambi\u00e9n se conoce como \"MSHTML Engine Remote Code Execution Vulnerability\"." } ], "id": "CVE-2020-1567", "lastModified": "2024-11-21T05:10:51.760", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 2.5, "source": "secure@microsoft.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Secondary" } ] }, "published": "2020-08-17T19:15:20.663", "references": [ { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1567" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1567" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-12-16 19:33
Modified
2024-11-21 01:18
Severity ?
Summary
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | internet_explorer | 8 | |
microsoft | windows_7 | - | |
microsoft | windows_server_2003 | - | |
microsoft | windows_server_2008 | - | |
microsoft | windows_server_2008 | - | |
microsoft | windows_server_2008 | r2 | |
microsoft | windows_vista | - | |
microsoft | windows_vista | - | |
microsoft | windows_xp | - | |
microsoft | windows_xp | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*", "matchCriteriaId": "A52E757F-9B41-43B4-9D67-3FEDACA71283", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*", "matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "1D929AA2-EE0B-4AA1-805D-69BCCA11B77F", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:-:*:*:*:*:*:*", "matchCriteriaId": "C2EE0AD3-2ADC-480E-B03E-06962EC4F095", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*", "matchCriteriaId": "36559BC0-44D7-48B3-86FF-1BFF0257B5ED", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*", "matchCriteriaId": "3A04E39A-623E-45CA-A5FC-25DAA0F275A3", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "BF1AD1A1-EE20-4BCE-9EE6-84B27139811C", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*", "matchCriteriaId": "C6109348-BC79-4ED3-8D41-EA546A540C79", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*", "matchCriteriaId": "C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"HTML Element Memory Corruption Vulnerability.\"" }, { "lang": "es", "value": "Microsoft Internet Explorer 8 no maneja correctamente objetos en memoria, permitiendo a atacantes remotos ejecutar c\u00f3digo arbitrario mediante el acceso a un objeto que (1) no se ha iniciado correctamente o (2) se ha eliminado, lo que genera una corrupci\u00f3n de memoria, tambi\u00e9n conocido como \"Vulnerabilidad de corrupci\u00f3n de Memoria en un elemento HTML\"." } ], "id": "CVE-2010-3345", "lastModified": "2024-11-21T01:18:32.937", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-12-16T19:33:02.457", "references": [ { "source": "secure@microsoft.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1024872" }, { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090" }, { "source": "secure@microsoft.com", "tags": [ "Tool Signature" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11849" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1024872" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-348A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-090" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Tool Signature" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11849" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-908" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-06-14 12:29
Modified
2024-11-21 03:39
Severity ?
Summary
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8249.
References
▼ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://www.securityfocus.com/bid/104364 | Third Party Advisory, VDB Entry | |
secure@microsoft.com | http://www.securitytracker.com/id/1041099 | Third Party Advisory, VDB Entry | |
secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0978 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104364 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041099 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0978 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | internet_explorer | 10 | |
microsoft | windows_server_2012 | * | |
microsoft | internet_explorer | 11 | |
microsoft | windows_10 | - | |
microsoft | windows_10 | 1607 | |
microsoft | windows_10 | 1703 | |
microsoft | windows_10 | 1709 | |
microsoft | windows_10 | 1803 | |
microsoft | windows_7 | * | |
microsoft | windows_8.1 | * | |
microsoft | windows_rt_8.1 | * | |
microsoft | windows_server_2008 | r2 | |
microsoft | windows_server_2012 | r2 | |
microsoft | windows_server_2016 | - | |
microsoft | internet_explorer | 9 | |
microsoft | windows_server_2008 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "matchCriteriaId": "D5808661-A082-4CBE-808C-B253972487B4", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*", "matchCriteriaId": "80EB5690-B20F-457A-A202-FBADAA17E05C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*", "matchCriteriaId": "15BAAA8C-7AF1-46CE-9FFB-3A498508A1BF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "7519928D-0FF2-4584-8058-4C7764CD5671", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "matchCriteriaId": "197E82CB-81AF-40F1-A55C-7B596891A783", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "matchCriteriaId": "C043EDDD-41BF-4718-BDCF-158BBBDB6360", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability.\" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8249." }, { "lang": "es", "value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo cuando Internet Explorer accede incorrectamente a los objetos en la memoria. Esto tambi\u00e9n se conoce como \"Internet Explorer Memory Corruption Vulnerability\". Esto afecta a Internet Explorer 9, Internet Explorer 11 e Internet Explorer 10. El ID de este CVE es diferente de CVE-2018-8249." } ], "id": "CVE-2018-0978", "lastModified": "2024-11-21T03:39:21.143", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-06-14T12:29:00.287", "references": [ { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/104364" }, { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041099" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0978" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/104364" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041099" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0978" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-07-11 00:29
Modified
2024-11-21 04:13
Severity ?
Summary
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298.
References
▼ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://www.securityfocus.com/bid/104634 | Third Party Advisory, VDB Entry | |
secure@microsoft.com | http://www.securitytracker.com/id/1041256 | Third Party Advisory, VDB Entry | |
secure@microsoft.com | http://www.securitytracker.com/id/1041258 | Third Party Advisory, VDB Entry | |
secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8287 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104634 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041256 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041258 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8287 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | internet_explorer | 11 | |
microsoft | windows_10 | - | |
microsoft | windows_10 | 1607 | |
microsoft | windows_10 | 1703 | |
microsoft | windows_10 | 1709 | |
microsoft | windows_10 | 1803 | |
microsoft | windows_7 | * | |
microsoft | windows_8.1 | * | |
microsoft | windows_rt_8.1 | * | |
microsoft | windows_server_2008 | r2 | |
microsoft | windows_server_2012 | r2 | |
microsoft | windows_server_2016 | - | |
microsoft | edge | - | |
microsoft | windows_10 | - | |
microsoft | windows_10 | 1607 | |
microsoft | windows_10 | 1703 | |
microsoft | windows_10 | 1709 | |
microsoft | windows_10 | 1803 | |
microsoft | windows_server_2016 | - | |
microsoft | chakracore | * | |
microsoft | internet_explorer | 10 | |
microsoft | windows_server_2012 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*", "matchCriteriaId": "15BAAA8C-7AF1-46CE-9FFB-3A498508A1BF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "7519928D-0FF2-4584-8058-4C7764CD5671", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "matchCriteriaId": "197E82CB-81AF-40F1-A55C-7B596891A783", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*", "matchCriteriaId": "77D197D7-57FB-4898-8C70-B19D5F0D5BE0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1D4D1CA-4CAA-465A-907E-FCF44DFED092", "versionEndExcluding": "1.10.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "matchCriteriaId": "D5808661-A082-4CBE-808C-B253972487B4", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298." }, { "lang": "es", "value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo que se manifiesta en la forma en la que el motor de scripting gestiona los objetos en la memoria en los navegadores de Microsoft. Esto tambi\u00e9n se conoce como \"Scripting Engine Memory Corruption Vulnerability\". Esto afecta a ChakraCore, Internet Explorer 11, Microsoft Edge e Internet Explorer 10. El ID de este CVE es diferente de CVE-2018-8242, CVE-2018-8283, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296 y CVE-2018-8298." } ], "id": "CVE-2018-8287", "lastModified": "2024-11-21T04:13:33.240", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-07-11T00:29:01.303", "references": [ { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/104634" }, { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041256" }, { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041258" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8287" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/104634" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041256" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041258" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8287" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-01-22 22:00
Modified
2024-11-21 01:11
Severity ?
Summary
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0245.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*", "matchCriteriaId": "A52E757F-9B41-43B4-9D67-3FEDACA71283", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:8.0.6001:*:*:*:*:*:*:*", "matchCriteriaId": "5F709B61-F64B-4E8F-80BB-4944485B6125", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*", "matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*", "matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*", "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:*", "matchCriteriaId": "B2B19826-5516-4899-9599-F95D0A03FBCD", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*", "matchCriteriaId": "4945F25F-2828-4D03-930B-A109BA73E00C", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*", "matchCriteriaId": "B8A32637-65EC-42C4-A892-0E599562527C", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*", "matchCriteriaId": "FFF81F4B-7D92-4398-8658-84530FB8F518", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*", "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*", "matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"Uninitialized Memory Corruption Vulnerability,\" a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0245." }, { "lang": "es", "value": "Microsoft Internet Explorer 8 no maneja de manera apropiada los objetos en memoria lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n accediendo a un objeto que (1) no fue correctamente iniciado o (2) es borrado, lo que conduce a una corrupci\u00f3n de memoria, tambi\u00e9n conocida como \"Vulnerabilidad de Corrupci\u00f3n de Memoria no Iniciada\", una vulnerabilidad diferente a CVE-2009-3671, CVE-2009-3674, and CVE-2010-0245." } ], "id": "CVE-2010-0246", "lastModified": "2024-11-21T01:11:50.367", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-01-22T22:00:00.523", "references": [ { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55776" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8378" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55776" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8378" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-07-14 21:59
Modified
2024-11-21 02:27
Severity ?
Summary
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2397, CVE-2015-2406, and CVE-2015-2422.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 8 | |
microsoft | internet_explorer | 9 | |
microsoft | internet_explorer | 10 | |
microsoft | internet_explorer | 11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*", "matchCriteriaId": "A52E757F-9B41-43B4-9D67-3FEDACA71283", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "matchCriteriaId": "C043EDDD-41BF-4718-BDCF-158BBBDB6360", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "matchCriteriaId": "D5808661-A082-4CBE-808C-B253972487B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*", "matchCriteriaId": "D7809F78-8D56-4925-A8F9-4119B973A667", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-2385, CVE-2015-2390, CVE-2015-2397, CVE-2015-2406, and CVE-2015-2422." }, { "lang": "es", "value": "Microsoft Internet Explorer de la versi\u00f3n 6 a la 11 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de una p\u00e1gina web manipulada, tambi\u00e9n conocida como \u201cVulnerabilidad de corrupci\u00f3n de Memoria en Internet Explorer\u201d, una vulnerabilidad diferente a CVE-2015-2385, CVE-2015-2390, CVE-2015-2397, CVE-2015-2406, y a CVE-2015-2422." } ], "id": "CVE-2015-2404", "lastModified": "2024-11-21T02:27:20.700", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-07-14T21:59:25.923", "references": [ { "source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id/1032894" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-065" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1032894" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-065" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-10-14 10:30
Modified
2024-11-21 01:05
Severity ?
Summary
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*", "matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*", "matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*", "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*", "matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*", "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*", "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*", "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "F97EB992-2DC1-4E31-A298-072D8313130B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*", "matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*", "matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*", "matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*", "matchCriteriaId": "26423C70-4475-4D7E-8CC0-D8CFADE16B26", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:itanium:*:*:*:*:*", "matchCriteriaId": "F7EF6C51-17EA-43E4-84BA-08CE705C2D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:x64:*:*:*:*:*", "matchCriteriaId": "7ADB520B-B847-4855-95B1-6CEA36D66C07", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*", "matchCriteriaId": "93B86335-EF14-4E4F-B192-2A5323A47D31", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*", "matchCriteriaId": "AA80EDC4-4E84-40BE-86D5-1825AFA85390", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*", "matchCriteriaId": "0F3BF09C-04D2-4367-BE58-72AD396B4110", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*", "matchCriteriaId": "377777D4-0649-4732-9E38-E4074056C561", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*", "matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:*", "matchCriteriaId": "AE2F0B8B-0600-4324-93A9-07DBE97E1BB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:expression_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "2876FC23-21A0-4F56-B0D9-11187173F7D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:*", "matchCriteriaId": "F6761A1C-EC1C-4B00-8126-D58DAB51267A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*", "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*", "matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*", "matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*", "matchCriteriaId": "34FA62BE-D804-402D-9BDD-68BC70ECCD76", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*", "matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*", "matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:office_groove:2007:*:*:*:*:*:*:*", "matchCriteriaId": "828A3CB6-EB0A-4CCD-B786-7316564EE40A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:office_groove:2007:sp1:*:*:*:*:*:*", "matchCriteriaId": "F646992A-D3B7-4474-8E0B-65B99086D844", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:*:*:*:*:*:*:*:*", "matchCriteriaId": "70B39422-2E91-4F2C-8338-8A9292956260", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp1:*:*:*:*:*:*", "matchCriteriaId": "7F9C3119-B118-41E2-9622-FD40C6CC4B6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp2:*:*:*:*:*:*", "matchCriteriaId": "B55849C3-649E-487B-B702-E2F4B25ECAB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*", "matchCriteriaId": "E647A7B3-7A92-4584-BDA7-81752FF59411", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*", "matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*", "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*", "matchCriteriaId": "1889A686-9565-4958-99BB-2EC24ABDF272", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:sp3:*:*:*:*:*:*", "matchCriteriaId": "5D7B01AE-F457-45C1-8A37-7ED65CAF8638", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:works:8.5:*:*:*:*:*:*:*", "matchCriteriaId": "83EE0CCD-69AD-4705-9BB0-24688F7957F1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:platform_sdk:*:*:redistrutable_gdi\\+:*:*:*:*:*", "matchCriteriaId": "5E9AC6E2-D6C2-48E1-87C5-86470AC622DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*", "matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*", "matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*", "matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*", "matchCriteriaId": "ED077FFC-EBCC-4CD9-BF0E-0286B99C1965", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*", "matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*", "matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2005:sp1:*:*:*:*:*:*", "matchCriteriaId": "F40C30AF-7D70-4FE8-B7D1-F4734F791664", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "578221F3-4C20-4A3F-A286-5A4680E8785D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "E5DE8B76-FA09-4EA2-9535-758C56C4C099", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "5E711CC3-9094-4C54-A794-9C7A3E7F4AFA", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka \"GDI+ WMF Integer Overflow Vulnerability.\"" }, { "lang": "es", "value": "Desbordamiento de entero en GDI+ en Microsoft Internet Explorer v6 SP1, Windows XP SP2 y SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 y SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold y SP3, Office Excel Viewer 2003 Gold y SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, y SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 y SP2, Expression Web, Expression Web 2, Groove 2007 Gold y SP1, Works v8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold y SP1, y Forefront Client Security v1.0 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero de imagen WMF, tambi\u00e9n conocido como \"Vulnerabilidad de desbordamiento de entero GDI+ WMF\"" } ], "id": "CVE-2009-2500", "lastModified": "2024-11-21T01:05:01.630", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-10-14T10:30:01.327", "references": [ { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-05-21 23:15
Modified
2024-11-21 05:09
Severity ?
Summary
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1062.
References
▼ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1092 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1092 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | internet_explorer | 11 | |
microsoft | windows_10 | - | |
microsoft | windows_10 | 1607 | |
microsoft | windows_10 | 1709 | |
microsoft | windows_10 | 1803 | |
microsoft | windows_10 | 1809 | |
microsoft | windows_10 | 1903 | |
microsoft | windows_10 | 1909 | |
microsoft | windows_7 | - | |
microsoft | windows_8.1 | - | |
microsoft | windows_rt_8.1 | - | |
microsoft | windows_server_2008 | r2 | |
microsoft | windows_server_2012 | - | |
microsoft | windows_server_2012 | r2 | |
microsoft | windows_server_2016 | - | |
microsoft | windows_server_2019 | - | |
microsoft | internet_explorer | 9 | |
microsoft | windows_server_2008 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*", "matchCriteriaId": "D7809F78-8D56-4925-A8F9-4119B973A667", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "matchCriteriaId": "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "matchCriteriaId": "C043EDDD-41BF-4718-BDCF-158BBBDB6360", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka \u0027Internet Explorer Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2020-1062." }, { "lang": "es", "value": "Existe una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota cuando Internet Explorer accede inapropiadamente a objetos en memoria, tambi\u00e9n se conoce como \"Internet Explorer Memory Corruption Vulnerability\". Este ID de CVE es diferente de CVE-2020-1062." } ], "id": "CVE-2020-1092", "lastModified": "2024-11-21T05:09:43.977", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-05-21T23:15:13.993", "references": [ { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1092" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1092" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-02-13 22:28
Modified
2024-11-21 00:25
Severity ?
Summary
The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * | |
microsoft | internet_explorer | 5.01 | |
microsoft | windows_2000 | * | |
microsoft | ie | 6.0 | |
microsoft | windows_2003_server | gold | |
microsoft | windows_2003_server | gold | |
microsoft | windows_2003_server | gold | |
microsoft | windows_2003_server | sp1 | |
microsoft | windows_2003_server | sp1 | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:gold:*:*:*:*:*:*:*", "matchCriteriaId": "B058588A-88F3-4789-8EA9-0D37447B08CA", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:gold:*:itanium:*:*:*:*:*", "matchCriteriaId": "3C9649DB-D417-4CCC-9F61-685ECB355AD7", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:gold:*:x64:*:*:*:*:*", "matchCriteriaId": "722526B1-12E3-42E7-95ED-84A86D0C189A", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*", "matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*", "matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*", "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption." }, { "lang": "es", "value": "El c\u00f3digo del cliente FTP wininet.dll en Microsoft Internet Explorer 5.01 y 6 podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una respuesta FTP del servidor de una longitud espec\u00edfica que provoca que el byte nulo de terminaci\u00f3n sea escrito fuera del b\u00fafer, lo cual provoca la corrupci\u00f3n de la pila." } ], "id": "CVE-2007-0217", "lastModified": "2024-11-21T00:25:16.220", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-02-13T22:28:00.000", "references": [ { "source": "secure@microsoft.com", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473" }, { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/24156" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/613564" }, { "source": "secure@microsoft.com", "url": "http://www.osvdb.org/31892" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/462303/100/0/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/22489" }, { "source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1017642" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2007/0584" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1141" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24156" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/613564" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/31892" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/462303/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22489" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017642" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0584" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1141" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-08-12 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
Internet Explorer 5.0 through 6.0 allows remote attackers to determine the existence of files on the client via an IMG tag with a dynsrc property that references the target file, which sets certain elements of the image object such as file size.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | internet_explorer | 5.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Internet Explorer 5.0 through 6.0 allows remote attackers to determine the existence of files on the client via an IMG tag with a dynsrc property that references the target file, which sets certain elements of the image object such as file size." } ], "id": "CVE-2002-0500", "lastModified": "2024-11-20T23:39:14.297", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-08-12T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0331.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/8658.php" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/4371" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0331.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/8658.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/4371" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-02-11 03:00
Modified
2024-11-21 02:22
Severity ?
Summary
Microsoft Internet Explorer 8 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | internet_explorer | 8 | |
microsoft | internet_explorer | 10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*", "matchCriteriaId": "A52E757F-9B41-43B4-9D67-3FEDACA71283", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "matchCriteriaId": "D5808661-A082-4CBE-808C-B253972487B4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 8 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\"" }, { "lang": "es", "value": "Microsoft Internet Explorer 8 y 10 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un sitio web manipulado, tambi\u00e9n conocido como \u0027vulnerabilidad de la corrupci\u00f3n de memoria de Internet Explorer.\u0027" } ], "id": "CVE-2015-0049", "lastModified": "2024-11-21T02:22:16.437", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-02-11T03:00:55.870", "references": [ { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/72418" }, { "source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id/1031723" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/72418" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1031723" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-07-27 04:00
Modified
2024-11-20 23:48
Severity ?
Summary
Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | internet_explorer | 5.0 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.0.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 5.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value." }, { "lang": "es", "value": "Error de falta de signo en enteros en imgbmp.cxx de Windows 2000 permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante una imagen BMP con un valor bfOffBits grande." } ], "id": "CVE-2004-0566", "lastModified": "2024-11-20T23:48:52.290", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-07-27T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-02/0806.html" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/266926" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-212A.html" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-025" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15210" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A216" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A306" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A322" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A507" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A515" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-02/0806.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/266926" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-212A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-025" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15210" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A216" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A306" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A322" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A507" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A515" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-06-12 22:55
Modified
2024-11-21 01:37
Severity ?
Summary
The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:lync:2010:*:attendee:*:*:*:*:*", "matchCriteriaId": "EE98CEE9-200B-494A-B645-D14ACB577250", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:lync:2010:*:x64:*:*:*:*:*", "matchCriteriaId": "AF2C62AD-CC37-42B4-88AD-75F8F603ADEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:lync:2010:*:x86:*:*:*:*:*", "matchCriteriaId": "F01B787D-6263-4753-977D-211432447E38", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:office_communicator:2007:r2:*:*:*:*:*:*", "matchCriteriaId": "7234718B-FD5B-4C9E-8D32-E0A9DDDA7619", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*", "matchCriteriaId": "A52E757F-9B41-43B4-9D67-3FEDACA71283", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_7:*:*:x86:*:*:*:*:*", "matchCriteriaId": "A2C3594F-7C2C-4E2D-9BC5-F4F89B7BF4D5", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*", "matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*", "matchCriteriaId": "F282E5E8-A5C9-4092-B0BF-07A5A2CAA6F4", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*", "matchCriteriaId": "D16A8D29-57BF-4B74-85F2-24DBD8B52BBF", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:*", "matchCriteriaId": "B2B19826-5516-4899-9599-F95D0A03FBCD", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*", "matchCriteriaId": "4945F25F-2828-4D03-930B-A109BA73E00C", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*", "matchCriteriaId": "FFF81F4B-7D92-4398-8658-84530FB8F518", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x86:*:*:*:*:*", "matchCriteriaId": "32C28EC2-8A34-4E30-A76A-86921D7332C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*", "matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "matchCriteriaId": "C043EDDD-41BF-4718-BDCF-158BBBDB6360", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_7:*:*:x64:*:*:*:*:*", "matchCriteriaId": "CE381783-027E-4B6D-B801-59873E5EA483", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_7:*:*:x86:*:*:*:*:*", "matchCriteriaId": "A2C3594F-7C2C-4E2D-9BC5-F4F89B7BF4D5", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_7:*:sp1:x64:*:*:*:*:*", "matchCriteriaId": "4FA15D65-7C32-4C7A-9915-746AB3F454EE", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_7:*:sp1:x86:*:*:*:*:*", "matchCriteriaId": "976EFC05-9B37-4661-AD34-4FFDB5AB48E0", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*", "matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*", "matchCriteriaId": "F282E5E8-A5C9-4092-B0BF-07A5A2CAA6F4", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*", "matchCriteriaId": "D16A8D29-57BF-4B74-85F2-24DBD8B52BBF", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x86:*:*:*:*:*", "matchCriteriaId": "32C28EC2-8A34-4E30-A76A-86921D7332C1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*", "matchCriteriaId": "95DC297F-06DB-4FB3-BFB6-7312C059E047", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "BF1AD1A1-EE20-4BCE-9EE6-84B27139811C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka \"HTML Sanitization Vulnerability.\"" }, { "lang": "es", "value": "La API toStaticHTML (tambi\u00e9n conocido como componente SafeHTML) en Microsoft Internet Explorer v8 y v9, Communicator 2007 R2, y Lync 2010 y 2010 Attendee no maneja de forma correcta atributos de eventos y secuencias de comandos, lo que facilita a atacantes remotos conducir ataques de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) a trav\u00e9s de un documento HTML manipulado, tambi\u00e9n conocido como \"HTML Sanitization Vulnerability.\"" } ], "id": "CVE-2012-1858", "lastModified": "2024-11-21T01:37:55.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-06-12T22:55:01.547", "references": [ { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA12-192A.html" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15530" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA12-192A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15530" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-06-30 22:41
Modified
2024-11-21 00:48
Severity ?
Summary
Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to change the location property of a frame via the String data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener. NOTE: according to Microsoft, this is a duplicate of CVE-2008-2947, possibly a different attack vector.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to change the location property of a frame via the String data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with caballero-listener. NOTE: according to Microsoft, this is a duplicate of CVE-2008-2947, possibly a different attack vector." }, { "lang": "es", "value": "Una vulnerabilidad de tipo cross-domain en Microsoft Internet Explorer versiones 6 y 7, permite a los atacantes remotos cambiar la propiedad de ubicaci\u00f3n de una trama por medio del tipo de dato String y usar una trama de un dominio diferente para observar eventos independientes del dominio, como es demostrado mediante la observaci\u00f3n de eventos onkeydown con caballero-listener. NOTA: seg\u00fan Microsoft, este es un duplicado del CVE-2008-2947, posiblemente un vector de ataque diferente." } ], "id": "CVE-2008-2949", "lastModified": "2024-11-21T00:48:05.197", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-06-30T22:41:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://blogs.zdnet.com/security/?p=1348" }, { "source": "cve@mitre.org", "url": "http://sirdarckcat.blogspot.com/2008/05/browsers-ghost-busters.html" }, { "source": "cve@mitre.org", "url": "http://technet.microsoft.com/en-us/security/cc405107.aspx#EHD" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/516627" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1941/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blogs.zdnet.com/security/?p=1348" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sirdarckcat.blogspot.com/2008/05/browsers-ghost-busters.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://technet.microsoft.com/en-us/security/cc405107.aspx#EHD" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/516627" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1941/references" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-04-11 23:02
Modified
2024-11-21 00:08
Severity ?
Summary
Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | internet_explorer | 5.01 | |
microsoft | internet_explorer | 5.1 | |
microsoft | internet_explorer | 5.5 | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code." } ], "id": "CVE-2006-1190", "lastModified": "2024-11-21T00:08:16.003", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-04-11T23:02:00.000", "references": [ { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/18957" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1015900" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/959649" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/17455" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25552" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1541" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1735" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1783" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A965" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18957" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015900" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/959649" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17455" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1318" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25552" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1541" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1735" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1783" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A965" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-10-29 15:31
Modified
2024-11-21 00:52
Severity ?
Summary
Microsoft Internet Explorer 6 omits high-bit URL-encoded characters when displaying the address bar, which allows remote attackers to spoof the address bar via a URL with a domain name that differs from an important domain name only in these characters, as demonstrated by using exam%A9ple.com to spoof example.com, aka MSRC ticket MSRC7900.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | internet_explorer | 6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 omits high-bit URL-encoded characters when displaying the address bar, which allows remote attackers to spoof the address bar via a URL with a domain name that differs from an important domain name only in these characters, as demonstrated by using exam%A9ple.com to spoof example.com, aka MSRC ticket MSRC7900." }, { "lang": "es", "value": "Microsoft Internet Explorer 6 omite ciertos caracteres codificados al mostrar la barra de direcciones, lo que permite a un atacante remoto falsear la barra de direcciones por medio de una URL con un dominio que difiere de un dominio importante solo en esos caracteres, como se demuestra usando exam%A9ple.com para falsear example.com, tambi\u00e9n conocido como ticket MSRC MSRC7900." } ], "id": "CVE-2008-4788", "lastModified": "2024-11-21T00:52:33.943", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-10-29T15:31:35.477", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/497825/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/497827/100/0/threaded" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46235" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/497825/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/497827/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46235" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-11-15 03:29
Modified
2024-11-21 03:08
Severity ?
Summary
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
References
▼ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://www.securityfocus.com/bid/101737 | Third Party Advisory, VDB Entry | |
secure@microsoft.com | http://www.securitytracker.com/id/1039780 | Third Party Advisory, VDB Entry | |
secure@microsoft.com | http://www.securitytracker.com/id/1039781 | Third Party Advisory, VDB Entry | |
secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11838 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101737 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039780 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039781 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11838 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | chakracore | * | |
microsoft | internet_explorer | * | |
microsoft | windows_7 | * | |
microsoft | windows_8.1 | * | |
microsoft | windows_rt_8.1 | * | |
microsoft | windows_server_2008 | * | |
microsoft | windows_server_2008 | r2 | |
microsoft | windows_server_2012 | * | |
microsoft | windows_server_2012 | r2 | |
microsoft | edge | * | |
microsoft | internet_explorer | * | |
microsoft | windows_10 | * | |
microsoft | windows_10 | 1511 | |
microsoft | windows_10 | 1607 | |
microsoft | windows_10 | 1703 | |
microsoft | windows_10 | 1709 | |
microsoft | windows_server_2016 | * | |
microsoft | windows_server_2016 | 1709 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*", "matchCriteriaId": "6872EB28-0456-421E-810E-67C17778168C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*", "matchCriteriaId": "8682FAF3-98E3-485C-89CB-C0358C4E2AB0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "7519928D-0FF2-4584-8058-4C7764CD5671", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*", "matchCriteriaId": "197E82CB-81AF-40F1-A55C-7B596891A783", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "0C28897B-044A-447B-AD76-6397F8190177", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*", "matchCriteriaId": "80EB5690-B20F-457A-A202-FBADAA17E05C", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*", "matchCriteriaId": "8BD5B232-95EA-4F8E-8C7D-7976877AD243", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*", "matchCriteriaId": "8682FAF3-98E3-485C-89CB-C0358C4E2AB0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*", "matchCriteriaId": "FBC814B4-7DEC-4EFC-ABFF-08FFD9FD16AA", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "matchCriteriaId": "232581CC-130A-4C62-A7E9-2EC9A9364D53", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF6437F9-6631-49D3-A6C2-62329E278E31", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*", "matchCriteriaId": "5B454BFE-D3AB-4CDC-B79B-F60EA3F57DBA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873." }, { "lang": "es", "value": "ChakraCore e Internet Explorer en Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 y Windows RT 8.1, Windows Server 2012 y R2 y Microsoft Edge e Internet Explorer en Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 y Windows Server en su versi\u00f3n 1709 permiten que un atacante obtenga los mismos derechos de usuario que el usuario actual debido a la manera en la que el motor de scripting gestiona los objetos en la memoria. Esta vulnerabilidad tambi\u00e9n se conoce como \"Scripting Engine Memory Corruption Vulnerability\". El ID de este CVE es diferente de CVE-2017-11836, CVE-2017-11837, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871 y CVE-2017-11873." } ], "id": "CVE-2017-11838", "lastModified": "2024-11-21T03:08:36.430", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-11-15T03:29:00.670", "references": [ { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/101737" }, { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039780" }, { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039781" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11838" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/101737" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039780" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1039781" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11838" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-12-05 12:55
Modified
2024-11-21 01:59
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in a note component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cybozu:garoon:*:sp5:*:*:*:*:*:*", "matchCriteriaId": "286C00A1-DEA3-4C4D-8236-CFFA73C92372", "versionEndIncluding": "3.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "07FC26E9-FA80-4BB8-B239-BE37CA0E5BE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "CF71E37E-908E-438A-9743-BB5D25ED5F1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "18567DE5-3254-468E-9584-32C9418DAA53", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "84148B9D-CFA3-4F53-A11E-AE7CEA6BB8A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp5:*:*:*:*:*:*", "matchCriteriaId": "5251D9B4-DEDB-4D99-97D3-3900E8F5EE38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp6:*:*:*:*:*:*", "matchCriteriaId": "F2084B74-113F-4B42-85F7-602592BBBFA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E7189699-5D46-483A-BF12-092BD32C74E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "96F3B195-B10D-4ABA-A5F3-E242C7C0BA85", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "33042DF3-CA82-4474-946F-EEF080C14D24", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "360867B7-354F-4253-8A97-571121BF43D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "27E24A5C-C425-493F-B557-07265251EFD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "EC455565-5C7F-47A6-9664-4FD82F8EADDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "3C29786F-C1CE-4716-BD3B-71BFD5D53311", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp3:*:*:*:*:*:*", "matchCriteriaId": "F28FB567-BAB5-49DD-9A88-60A242BDD81C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp4:*:*:*:*:*:*", "matchCriteriaId": "91374D4F-F981-4FE5-8B83-DE4E5DDD29D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "299E9A6F-1DF1-406E-B3EB-BAD21392E569", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "57BBC64D-CC0A-4989-916B-8F96AE194283", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "ACACBF0A-0108-4B38-84C6-71505A3777AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "A9204845-9463-420E-AF52-92BC557C288F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "091F5390-9ADF-49D9-83E1-BFD523CD03FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "A3462F9A-A4CA-4622-9614-D1D94797EA32", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "64C1B9B8-14DF-4195-A130-BE4103292125", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "3A63ACA4-BF92-4CB3-B078-5BA85478593D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "71CECA0B-D131-45A7-8D6C-E45EF0F09CF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "76EB8EC8-D968-408D-A0F2-14164F515C3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "A0166440-4223-4ED5-9C55-0B2CBAEFF196", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*", "matchCriteriaId": "BFCFB357-293D-49CD-8090-FBD687F97D4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*", "matchCriteriaId": "63FA07F5-2085-4EE1-9BCB-2F9D0713014F", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*", "matchCriteriaId": "8682FAF3-98E3-485C-89CB-C0358C4E2AB0", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cybozu:garoon:*:sp5:*:*:*:*:*:*", "matchCriteriaId": "286C00A1-DEA3-4C4D-8236-CFFA73C92372", "versionEndIncluding": "3.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "07FC26E9-FA80-4BB8-B239-BE37CA0E5BE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "CF71E37E-908E-438A-9743-BB5D25ED5F1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "18567DE5-3254-468E-9584-32C9418DAA53", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "84148B9D-CFA3-4F53-A11E-AE7CEA6BB8A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp5:*:*:*:*:*:*", "matchCriteriaId": "5251D9B4-DEDB-4D99-97D3-3900E8F5EE38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp6:*:*:*:*:*:*", "matchCriteriaId": "F2084B74-113F-4B42-85F7-602592BBBFA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E7189699-5D46-483A-BF12-092BD32C74E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "96F3B195-B10D-4ABA-A5F3-E242C7C0BA85", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "33042DF3-CA82-4474-946F-EEF080C14D24", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "360867B7-354F-4253-8A97-571121BF43D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "27E24A5C-C425-493F-B557-07265251EFD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "EC455565-5C7F-47A6-9664-4FD82F8EADDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "3C29786F-C1CE-4716-BD3B-71BFD5D53311", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp3:*:*:*:*:*:*", "matchCriteriaId": "F28FB567-BAB5-49DD-9A88-60A242BDD81C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp4:*:*:*:*:*:*", "matchCriteriaId": "91374D4F-F981-4FE5-8B83-DE4E5DDD29D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "299E9A6F-1DF1-406E-B3EB-BAD21392E569", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "57BBC64D-CC0A-4989-916B-8F96AE194283", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "ACACBF0A-0108-4B38-84C6-71505A3777AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "A9204845-9463-420E-AF52-92BC557C288F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "091F5390-9ADF-49D9-83E1-BFD523CD03FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "A3462F9A-A4CA-4622-9614-D1D94797EA32", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "64C1B9B8-14DF-4195-A130-BE4103292125", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "3A63ACA4-BF92-4CB3-B078-5BA85478593D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "71CECA0B-D131-45A7-8D6C-E45EF0F09CF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "76EB8EC8-D968-408D-A0F2-14164F515C3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "A0166440-4223-4ED5-9C55-0B2CBAEFF196", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*", "matchCriteriaId": "BFCFB357-293D-49CD-8090-FBD687F97D4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*", "matchCriteriaId": "63FA07F5-2085-4EE1-9BCB-2F9D0713014F", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "14E6A30E-7577-4569-9309-53A0AF7FE3AC", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in a note component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de cross-site scripting (XSS) en un componente de notas en Cybozu Garoon anteriores a 3.7.0, cuando Internet Explorer o Firefox son utilizados, permite a atacantes remotos inyectar scripts web o HTML arbitrarios a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2013-6904", "lastModified": "2024-11-21T01:59:56.350", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-12-05T12:55:36.853", "references": [ { "source": "vultures@jpcert.or.jp", "url": "http://cs.cybozu.co.jp/information/20131202up01.php" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN23981867/index.html" }, { "source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113" }, { "source": "vultures@jpcert.or.jp", "url": "http://osvdb.org/100572" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "https://support.cybozu.com/ja-jp/article/6395" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cs.cybozu.co.jp/information/20131202up01.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/en/jp/JVN23981867/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/100572" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.cybozu.com/ja-jp/article/6395" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-05-21 00:59
Modified
2024-11-21 02:30
Severity ?
Summary
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "51F16DD0-B15A-4B29-B68A-D6ABA0BF9623", "versionEndIncluding": "1.0.1m", "versionStartIncluding": "1.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "86B99FE0-EFEF-4C34-9790-A14504D701C5", "versionEndIncluding": "1.0.2a", "versionStartIncluding": "1.0.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "C4D0AB50-9195-4B1B-BB76-00F0A34C9389", "versionEndIncluding": "1.0.1m", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*", "matchCriteriaId": "B64BBA96-FB3C-46AC-9A29-50EE02714FE9", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ibm:content_manager:8.5:*:*:*:*:enterprise:*:*", "matchCriteriaId": "EB672C2E-8ABF-40CD-97DA-28D939DE4C63", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "228C7B8D-18EE-444A-8067-6C222844FB8C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update95:*:*:*:*:*:*", "matchCriteriaId": "2755C397-75DF-4110-8C8A-05EFDFFF9BC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update75:*:*:*:*:*:*", "matchCriteriaId": "D084DBE9-BF2F-4A9B-8FDE-A9A608E6B40F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update80:*:*:*:*:*:*", "matchCriteriaId": "18FB6138-2B3D-4C4B-8647-3D1646165641", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update_33:*:*:*:*:*:*", "matchCriteriaId": "49B3533A-57B1-4EDA-9434-D75AE837F2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update45:*:*:*:*:*:*", "matchCriteriaId": "914D54AC-EAAE-4A01-BA88-7F245BDA47C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update_95:*:*:*:*:*:*", "matchCriteriaId": "33DD9C2A-9C6E-407B-8110-2EC7906DE036", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update_75:*:*:*:*:*:*", "matchCriteriaId": "88FA3ACA-B2FC-4D9C-B67E-35272514FB84", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update_80:*:*:*:*:*:*", "matchCriteriaId": "17B87292-EDBB-4D5A-8874-7405F040FAA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update_33:*:*:*:*:*:*", "matchCriteriaId": "366E2702-633C-4D4C-ACF8-4CBEC66719F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update_45:*:*:*:*:*:*", "matchCriteriaId": "8CFE55B4-9A07-4E88-98AC-8345243AEF79", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*", "matchCriteriaId": "F1EB0F28-F23A-4969-8A3E-66DA2EFA40C3", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "D5BAC17C-EF31-4E94-9020-47B781AD94B3", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*", "matchCriteriaId": "DB2A1559-651C-46B0-B436-8E03DC8A60D2", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*", "matchCriteriaId": "9C649194-B8C2-49F7-A819-C635EE584ABF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB31BE7C-CB6D-447E-AFF8-618998950FC5", "versionEndIncluding": "8.3", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "68566BD8-D5DD-4747-9C9A-59154400EBFA", "versionEndIncluding": "10.10.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:network_security_services:3.19:*:*:*:*:*:*:*", "matchCriteriaId": "C6809678-475F-4703-BC9E-31EC8CAD3A24", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:sparc-opl_service_processor:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AF02A45-1811-44F2-B3C9-90C11F5DF6DF", "versionEndIncluding": "1121", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:*", "matchCriteriaId": "AFDA34B4-65B4-41A5-AC22-667C8D8FF4B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*", "matchCriteriaId": "39B565E1-C2F1-44FC-A517-E3130332B17C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*", "matchCriteriaId": "C37BA825-679F-4257-9F2B-CE2318B75396", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*", "matchCriteriaId": "97D4FFCF-5309-43B6-9FD5-680C6D535A7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:opera:opera_browser:-:*:*:*:*:*:*:*", "matchCriteriaId": "4545786D-3129-4D92-B218-F4A92428ED48", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5AADD23B-A8AF-4679-990D-C29A1D6EB5CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:39.0:*:*:*:*:*:*:*", "matchCriteriaId": "7B692B58-6FB8-455F-86C0-35E0F216A736", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox_esr:31.8:*:*:*:*:*:*:*", "matchCriteriaId": "FA389FFB-2289-4BFB-90A1-0E7EC42FFCEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:seamonkey:2.35:*:*:*:*:*:*:*", "matchCriteriaId": "DA79F816-D26E-4A0D-8CD8-994EBB42C822", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:31.8:*:*:*:*:*:*:*", "matchCriteriaId": "1C87BCC3-0315-4B3C-BFCD-1E218B475251", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:38.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C00748D-ECFC-4ACA-964B-92330FE7B0EE", "vulnerable": true }, { "criteria": "cpe:2.3:o:mozilla:firefox_os:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "E50128DD-9997-49E6-A47E-6A0B7959B3AA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue." }, { "lang": "es", "value": "El protocolo TLS 1.2 y anteriores, cuando una suite de cifrado DHE_EXPORT est\u00e1 habilitada en un servidor pero no en un cliente, no transporta una elecci\u00f3n DHE_EXPORT, lo que permite a atacantes man-in-the-middle realizar ataques de degradaci\u00f3n del cifrado mediante la rescritura de un ClientHello con DHE remplazado por DHE_EXPORT y posteriormente la rescritura de un ServerHello con DHE_EXPORT remplazado por DHE, tambi\u00e9n conocido como el problema \u0027Logjam\u0027." } ], "id": "CVE-2015-4000", "lastModified": "2024-11-21T02:30:14.667", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2015-05-21T00:59:00.087", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10681" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=143506486712441\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=143557934009303\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=143558092609708\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=143628304012255\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=143637549705650\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=143655800220052\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=144050121701297\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=144061542602287\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=145409266329539\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2015/05/20/8" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1072.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1185.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1197.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1228.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1229.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1230.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1241.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1242.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1243.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1485.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1486.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1488.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1526.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1544.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1604.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1624.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT204941" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT204942" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://support.citrix.com/article/CTX201114" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959111" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959195" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959325" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959453" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959481" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959517" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959530" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959539" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959636" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959812" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960191" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961717" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962455" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962739" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21958984" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21959132" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960194" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960380" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960418" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21962816" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21967893" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3287" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3300" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3316" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3324" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3339" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3688" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.fortiguard.com/advisory/2015-05-20-logjam-attack" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-70.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/74733" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91787" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032474" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032475" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032476" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032637" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032645" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032647" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032648" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032649" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032650" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032651" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032652" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032653" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032654" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032655" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032656" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032688" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032699" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032702" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032727" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032759" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032777" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032778" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032783" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032784" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032856" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032864" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032865" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032871" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032884" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032910" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032932" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032960" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033019" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033064" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033065" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033067" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033208" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033209" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033210" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033222" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033341" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033385" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033416" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033430" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033433" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033513" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033760" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033891" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033991" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1034087" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1034728" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1034884" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036218" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040630" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2656-1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2656-2" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2673-1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2696-1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2706-1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://bto.bluecoat.com/security-advisory/sa98" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1138554" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04718196" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://openssl.org/news/secadv/20150611.txt" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://puppet.com/security/cve/CVE-2015-4000" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201506-02" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201512-10" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201603-11" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201701-46" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20150619-0001/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://support.citrix.com/article/CTX216642" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03831en_us" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://weakdh.org/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://weakdh.org/imperfect-forward-secrecy.pdf" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21959745" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.openssl.org/news/secadv_20150611.txt" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.suse.com/security/cve/CVE-2015-4000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10681" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=143506486712441\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=143557934009303\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=143558092609708\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=143628304012255\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=143637549705650\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=143655800220052\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=144050121701297\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=144061542602287\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=145409266329539\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2015/05/20/8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1072.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1185.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1197.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1228.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1229.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1230.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1241.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1242.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1243.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1485.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1486.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1488.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1526.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1544.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1604.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1624.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT204941" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.apple.com/kb/HT204942" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://support.citrix.com/article/CTX201114" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959111" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959195" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959325" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959453" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959517" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959530" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959539" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959636" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959812" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960191" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961717" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962455" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962739" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21958984" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21959132" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960194" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960380" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960418" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21962816" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21967893" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3287" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3300" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3316" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3324" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3339" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3688" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.fortiguard.com/advisory/2015-05-20-logjam-attack" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-70.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/74733" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91787" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032474" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032475" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032476" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032637" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032645" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032647" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032648" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032649" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032650" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032651" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032652" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032653" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032654" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032655" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032656" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032688" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032699" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032702" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032727" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032759" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032777" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032778" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032783" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032784" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032856" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032864" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032865" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032871" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032884" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032910" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032932" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032960" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033064" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033065" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033067" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033208" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033209" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033210" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033222" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033341" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033385" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033416" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033430" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033433" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033513" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033760" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033891" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033991" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1034087" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1034728" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1034884" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036218" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040630" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2656-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2656-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2673-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2696-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2706-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://bto.bluecoat.com/security-advisory/sa98" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1138554" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04718196" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://openssl.org/news/secadv/20150611.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://puppet.com/security/cve/CVE-2015-4000" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201506-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201512-10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201603-11" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201701-46" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20150619-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.citrix.com/article/CTX216642" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03831en_us" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://weakdh.org/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://weakdh.org/imperfect-forward-secrecy.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21959745" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.openssl.org/news/secadv_20150611.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.suse.com/security/cve/CVE-2015-4000.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-08-11 18:47
Modified
2024-11-21 01:16
Severity ?
Summary
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, CVE-2010-0245, and CVE-2010-0246.
References
▼ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA10-222A.html | Third Party Advisory, US Government Resource | |
secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-053 | Patch, Vendor Advisory | |
secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11984 | Tool Signature | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA10-222A.html | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-053 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11984 | Tool Signature |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | internet_explorer | 8 | |
microsoft | windows_7 | - | |
microsoft | windows_server_2003 | - | |
microsoft | windows_server_2008 | - | |
microsoft | windows_server_2008 | - | |
microsoft | windows_server_2008 | r2 | |
microsoft | windows_vista | - | |
microsoft | windows_vista | - | |
microsoft | windows_xp | - | |
microsoft | windows_xp | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*", "matchCriteriaId": "A52E757F-9B41-43B4-9D67-3FEDACA71283", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*", "matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "1D929AA2-EE0B-4AA1-805D-69BCCA11B77F", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:-:*:*:*:*:*:*", "matchCriteriaId": "C2EE0AD3-2ADC-480E-B03E-06962EC4F095", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*", "matchCriteriaId": "36559BC0-44D7-48B3-86FF-1BFF0257B5ED", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*", "matchCriteriaId": "3A04E39A-623E-45CA-A5FC-25DAA0F275A3", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "BF1AD1A1-EE20-4BCE-9EE6-84B27139811C", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*", "matchCriteriaId": "C6109348-BC79-4ED3-8D41-EA546A540C79", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*", "matchCriteriaId": "C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"Uninitialized Memory Corruption Vulnerability,\" a different vulnerability than CVE-2009-3671, CVE-2009-3674, CVE-2010-0245, and CVE-2010-0246." }, { "lang": "es", "value": "Microsoft Internet Explorer 8 no maneja apropiadamente los objetos en memoria, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n accediendo a un objeto que (1) no haya sido inicializado apropiadamente o (2) est\u00e1 borrado, lo que implica corrupci\u00f3n de memoria. Tambi\u00e9n conocido c\u00f3mo \"Uninitialized Memory Corruption Vulnerability\" (Vulnerabilidad de corrupci\u00f3n de memoria sin inicializar), una vulnerabilidad diferente a CVE-2009-3671, CVE-2009-3674, CVE-2010-0245, and CVE-2010-0246." } ], "id": "CVE-2010-2559", "lastModified": "2024-11-21T01:16:54.387", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-08-11T18:47:50.967", "references": [ { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-053" }, { "source": "secure@microsoft.com", "tags": [ "Tool Signature" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11984" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-053" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Tool Signature" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11984" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-908" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-06-11 04:56
Modified
2024-11-21 02:06
Severity ?
Summary
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0282, CVE-2014-1775, CVE-2014-1779, CVE-2014-1799, and CVE-2014-1803.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 8 | |
microsoft | internet_explorer | 9 | |
microsoft | internet_explorer | 10 | |
microsoft | internet_explorer | 11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*", "matchCriteriaId": "A52E757F-9B41-43B4-9D67-3FEDACA71283", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "matchCriteriaId": "C043EDDD-41BF-4718-BDCF-158BBBDB6360", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "matchCriteriaId": "D5808661-A082-4CBE-808C-B253972487B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*", "matchCriteriaId": "D7809F78-8D56-4925-A8F9-4119B973A667", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-0282, CVE-2014-1775, CVE-2014-1779, CVE-2014-1799, and CVE-2014-1803." }, { "lang": "es", "value": "Microsoft Internet Explorer 6 hasta 11 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un sitio web manipulado, tambi\u00e9n conocido como \u0027Vulnerabilidad de Corrupci\u00f3n de Memoria de Internet Explorer,\u0027 una vulnerabilidad diferente a CVE-2014-0282, CVE-2014-1775, CVE-2014-1779, CVE-2014-1799 y CVE-2014-1803." } ], "id": "CVE-2014-2757", "lastModified": "2024-11-21T02:06:53.920", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-06-11T04:56:19.320", "references": [ { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/67842" }, { "source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id/1030370" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/67842" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1030370" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-07-08 22:55
Modified
2024-11-21 02:06
Severity ?
Summary
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2789, CVE-2014-2798, and CVE-2014-2804.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | internet_explorer | 8 | |
microsoft | internet_explorer | 9 | |
microsoft | internet_explorer | 10 | |
microsoft | internet_explorer | 11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*", "matchCriteriaId": "A52E757F-9B41-43B4-9D67-3FEDACA71283", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "matchCriteriaId": "C043EDDD-41BF-4718-BDCF-158BBBDB6360", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "matchCriteriaId": "D5808661-A082-4CBE-808C-B253972487B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*", "matchCriteriaId": "D7809F78-8D56-4925-A8F9-4119B973A667", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2789, CVE-2014-2798, and CVE-2014-2804." }, { "lang": "es", "value": "Microsoft Internet Explorer 8 hasta 11 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un sitio web manipulado, tambi\u00e9n conocido como \u0027vulnerabilidad de corrupci\u00f3n de memoria de Internet Explorer,\u0027 una vulnerabilidad diferente a CVE-2014-2789, CVE-2014-2798 y CVE-2014-2804." } ], "id": "CVE-2014-2795", "lastModified": "2024-11-21T02:06:57.883", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-07-08T22:55:07.007", "references": [ { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/59775" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/68379" }, { "source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id/1030532" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59775" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/68379" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1030532" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-05-13 10:59
Modified
2024-11-21 02:25
Severity ?
Summary
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1658, CVE-2015-1706, CVE-2015-1711, and CVE-2015-1718.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | internet_explorer | 11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*", "matchCriteriaId": "D7809F78-8D56-4925-A8F9-4119B973A667", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-1658, CVE-2015-1706, CVE-2015-1711, and CVE-2015-1718." }, { "lang": "es", "value": "Microsoft Internet Explorer 11 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un sitio web manipulado, tambi\u00e9n conocido como \u0027vulnerabilidad de la corrupci\u00f3n de memoria de Internet Explorer,\u0027 una vulnerabilidad diferente a CVE-2015-1658, CVE-2015-1706, CVE-2015-1711, y CVE-2015-1718." } ], "id": "CVE-2015-1717", "lastModified": "2024-11-21T02:25:59.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-05-13T10:59:41.433", "references": [ { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/74606" }, { "source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id/1032282" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-043" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/74606" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1032282" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-043" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-06-12 14:29
Modified
2024-11-21 04:35
Severity ?
Summary
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0920, CVE-2019-0988, CVE-2019-1005, CVE-2019-1055.
References
▼ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1080 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1080 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | internet_explorer | 9 | |
microsoft | windows_server_2008 | - | |
microsoft | internet_explorer | 10 | |
microsoft | windows_server_2012 | - | |
microsoft | internet_explorer | 11 | |
microsoft | windows_10 | - | |
microsoft | windows_10 | 1607 | |
microsoft | windows_10 | 1703 | |
microsoft | windows_10 | 1709 | |
microsoft | windows_10 | 1803 | |
microsoft | windows_10 | 1809 | |
microsoft | windows_10 | 1903 | |
microsoft | windows_7 | - | |
microsoft | windows_8.1 | - | |
microsoft | windows_rt_8.1 | - | |
microsoft | windows_server_2008 | r2 | |
microsoft | windows_server_2012 | - | |
microsoft | windows_server_2012 | r2 | |
microsoft | windows_server_2016 | - | |
microsoft | windows_server_2019 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "matchCriteriaId": "C043EDDD-41BF-4718-BDCF-158BBBDB6360", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "matchCriteriaId": "D5808661-A082-4CBE-808C-B253972487B4", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*", "matchCriteriaId": "D7809F78-8D56-4925-A8F9-4119B973A667", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "matchCriteriaId": "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka \u0027Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2019-0920, CVE-2019-0988, CVE-2019-1005, CVE-2019-1055." }, { "lang": "es", "value": "Se presenta una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota en la manera en que el motor de scripting maneja objetos en la memoria de los navegadores de Microsoft, tambi\u00e9n se conoce como \u0027Scripting Engine Memory Corruption Vulnerability\u0027. Este ID de CVE es diferente de CVE-2019-0920, CVE-2019-0988, CVE-2019-1005, CVE-2019-1055." } ], "id": "CVE-2019-1080", "lastModified": "2024-11-21T04:35:58.527", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-06-12T14:29:04.383", "references": [ { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1080" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1080" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-07-14 21:59
Modified
2024-11-21 02:27
Severity ?
Summary
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1767 and CVE-2015-2408.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | internet_explorer | 9 | |
microsoft | internet_explorer | 10 | |
microsoft | internet_explorer | 11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "matchCriteriaId": "C043EDDD-41BF-4718-BDCF-158BBBDB6360", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "matchCriteriaId": "D5808661-A082-4CBE-808C-B253972487B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*", "matchCriteriaId": "D7809F78-8D56-4925-A8F9-4119B973A667", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-1767 and CVE-2015-2408." }, { "lang": "es", "value": "Microsoft Internet Explorer de la versi\u00f3n 9 a la 11 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de una p\u00e1gina web manipulada, tambi\u00e9n conocida como \u201cVulnerabilidad de corrupci\u00f3n de Memoria en Internet Explorer\u201d, una vulnerabilidad diferente a CVE-2015-1767 y CVE-2015-2408." } ], "id": "CVE-2015-2401", "lastModified": "2024-11-21T02:27:20.410", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-07-14T21:59:23.360", "references": [ { "source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id/1032894" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-065" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1032894" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-065" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-05-09 19:29
Modified
2024-11-21 03:39
Severity ?
Summary
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
References
▼ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | http://www.securityfocus.com/bid/103993 | Third Party Advisory, VDB Entry | |
secure@microsoft.com | http://www.securitytracker.com/id/1040846 | Third Party Advisory, VDB Entry | |
secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0955 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103993 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040846 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0955 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | internet_explorer | 9 | |
microsoft | internet_explorer | 10 | |
microsoft | internet_explorer | 11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*", "matchCriteriaId": "C043EDDD-41BF-4718-BDCF-158BBBDB6360", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "matchCriteriaId": "D5808661-A082-4CBE-808C-B253972487B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*", "matchCriteriaId": "15BAAA8C-7AF1-46CE-9FFB-3A498508A1BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139." }, { "lang": "es", "value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo que se manifiesta en la forma en la que el motor de scripting gestiona los objetos en la memoria en Internet Explorer. Esto tambi\u00e9n se conoce como \"Scripting Engine Memory Corruption Vulnerability\". Esto afecta a Internet Explorer 9, Internet Explorer 11 e Internet Explorer 10. El ID de este CVE es diferente de CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137 y CVE-2018-8139." } ], "id": "CVE-2018-0955", "lastModified": "2024-11-21T03:39:17.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-05-09T19:29:00.760", "references": [ { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103993" }, { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040846" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0955" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103993" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040846" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0955" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-08-12 21:55
Modified
2024-11-21 02:09
Severity ?
Summary
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2796, CVE-2014-2808, CVE-2014-2825, CVE-2014-4050, and CVE-2014-4067.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | internet_explorer | 10 | |
microsoft | internet_explorer | 11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "matchCriteriaId": "D5808661-A082-4CBE-808C-B253972487B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*", "matchCriteriaId": "D7809F78-8D56-4925-A8F9-4119B973A667", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2796, CVE-2014-2808, CVE-2014-2825, CVE-2014-4050, and CVE-2014-4067." }, { "lang": "es", "value": "Microsoft Internet Explorer 10 y 11 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un sitio web manipulado, tambi\u00e9n conocido como \u0027vulnerabilidad de corrupci\u00f3n de memoria de Internet Explorer,\u0027 una vulnerabilidad diferente a CVE-2014-2796, CVE-2014-2808, CVE-2014-2825, CVE-2014-4050, y CVE-2014-4067." } ], "id": "CVE-2014-4055", "lastModified": "2024-11-21T02:09:25.360", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-08-12T21:55:07.647", "references": [ { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/60670" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/69128" }, { "source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id/1030715" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94987" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60670" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/69128" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1030715" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94987" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-08-09 21:59
Modified
2024-11-21 02:49
Severity ?
Summary
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3290.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | internet_explorer | 11 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*", "matchCriteriaId": "15BAAA8C-7AF1-46CE-9FFB-3A498508A1BF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3290." }, { "lang": "es", "value": "Microsoft Internet Explorer 11 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una p\u00e1gina web manipulada, tambi\u00e9n conocida como \"Internet Explorer Memory Corruption Vulnerability\", un vulnerabilidad diferente a CVE-2016-3290." } ], "id": "CVE-2016-3288", "lastModified": "2024-11-21T02:49:44.200", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-08-09T21:59:01.580", "references": [ { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/92321" }, { "source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id/1036562" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-095" }, { "source": "secure@microsoft.com", "url": "https://www.exploit-db.com/exploits/40253/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/92321" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1036562" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-095" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/40253/" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-06-11 04:56
Modified
2024-11-21 02:05
Severity ?
Summary
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0282, CVE-2014-1779, CVE-2014-1799, CVE-2014-1803, and CVE-2014-2757.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 8 | |
microsoft | internet_explorer | 9 | |
microsoft | internet_explorer | 10 | |
microsoft | internet_explorer | 11 |