Kaspersky Threats

Detect date

?

06/10/2014

Severity

?

Critical

Description

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer versions 6-11. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass a sandbox protection mechanism, obtain sensitive information, modify TLS session data or read local files.

Below is a complete list of vulnerabilities

Vectors related to unknown applications can be exploited to cause a denial of service via crafted web site
Vectors related to unknown applications can be exploited to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism
Use-after-free at CMarkup::CreateInitialMarkup function.
X.509 certificate verification missing near renegotiation at SChannel

Affected products

Microsoft Internet Explorer versions from 6 to 11.

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

Microsoft bulletin
CVE-2014-1800
CVE-2014-1799
CVE-2014-1803
CVE-2014-1802
CVE-2014-1805
CVE-2014-1804
CVE-2014-2754
CVE-2014-2753
CVE-2014-2756
CVE-2014-2755
CVE-2014-2777
CVE-2014-1779
CVE-2014-1778
CVE-2014-1777
CVE-2014-1775
CVE-2014-1783
CVE-2014-1782
CVE-2014-1781
CVE-2014-1780
CVE-2014-2776
CVE-2014-2775
CVE-2014-1785
CVE-2014-1784
CVE-2014-2771
CVE-2014-2770
CVE-2014-2769
CVE-2014-2768
CVE-2014-2772
CVE-2014-2773
CVE-2014-2782
CVE-2014-2759
CVE-2014-1794
CVE-2014-1795
CVE-2014-1791
CVE-2014-1792
CVE-2014-1789
CVE-2014-1790
CVE-2014-1786
CVE-2014-1788
CVE-2014-1796
CVE-2014-1797
CVE-2014-0282
CVE-2014-1762
CVE-2014-1764
CVE-2014-1766
CVE-2014-1769
CVE-2014-1770
CVE-2014-1771
CVE-2014-1772
CVE-2014-1773
CVE-2014-2763
CVE-2014-2764
CVE-2014-2765
CVE-2014-2757
CVE-2014-2758
CVE-2014-1774
CVE-2014-2760
CVE-2014-2761
CVE-2014-2766
CVE-2014-2767

Impacts

?

ACE

[?]

OSI

[?]

DoS

[?]

SB

[?]

Related products

Microsoft Internet Explorer

CVE-IDS

?

Microsoft official advisories

Microsoft Security Update Guide

KB list

2963950
2969262
2957689

Detect date ?	06/10/2014
Severity ?	Critical
Description	Multiple serious vulnerabilities have been found in Microsoft Internet Explorer versions 6-11. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass a sandbox protection mechanism, obtain sensitive information, modify TLS session data or read local files. Below is a complete list of vulnerabilities Vectors related to unknown applications can be exploited to cause a denial of service via crafted web site Vectors related to unknown applications can be exploited to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism Use-after-free at CMarkup::CreateInitialMarkup function. X.509 certificate verification missing near renegotiation at SChannel
Affected products	Microsoft Internet Explorer versions from 6 to 11.
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	Microsoft bulletin CVE-2014-1800 CVE-2014-1799 CVE-2014-1803 CVE-2014-1802 CVE-2014-1805 CVE-2014-1804 CVE-2014-2754 CVE-2014-2753 CVE-2014-2756 CVE-2014-2755 CVE-2014-2777 CVE-2014-1779 CVE-2014-1778 CVE-2014-1777 CVE-2014-1775 CVE-2014-1783 CVE-2014-1782 CVE-2014-1781 CVE-2014-1780 CVE-2014-2776 CVE-2014-2775 CVE-2014-1785 CVE-2014-1784 CVE-2014-2771 CVE-2014-2770 CVE-2014-2769 CVE-2014-2768 CVE-2014-2772 CVE-2014-2773 CVE-2014-2782 CVE-2014-2759 CVE-2014-1794 CVE-2014-1795 CVE-2014-1791 CVE-2014-1792 CVE-2014-1789 CVE-2014-1790 CVE-2014-1786 CVE-2014-1788 CVE-2014-1796 CVE-2014-1797 CVE-2014-0282 CVE-2014-1762 CVE-2014-1764 CVE-2014-1766 CVE-2014-1769 CVE-2014-1770 CVE-2014-1771 CVE-2014-1772 CVE-2014-1773 CVE-2014-2763 CVE-2014-2764 CVE-2014-2765 CVE-2014-2757 CVE-2014-2758 CVE-2014-1774 CVE-2014-2760 CVE-2014-2761 CVE-2014-2766 CVE-2014-2767
Impacts ?	ACE [?] OSI [?] DoS [?] SB [?]
Related products	Microsoft Internet Explorer
CVE-IDS ?	CVE-2014-18009.3Critical CVE-2014-17999.3Critical CVE-2014-18039.3Critical CVE-2014-18029.3Critical CVE-2014-18059.3Critical CVE-2014-18049.3Critical CVE-2014-27549.3Critical CVE-2014-27539.3Critical CVE-2014-27569.3Critical CVE-2014-27559.3Critical CVE-2014-27777.5Critical CVE-2014-17799.3Critical CVE-2014-17786.8High CVE-2014-17774.3Warning CVE-2014-17759.3Critical CVE-2014-17839.3Critical CVE-2014-17829.3Critical CVE-2014-17819.3Critical CVE-2014-17809.3Critical CVE-2014-27769.3Critical CVE-2014-27759.3Critical CVE-2014-17859.3Critical CVE-2014-17849.3Critical CVE-2014-27719.3Critical CVE-2014-27709.3Critical CVE-2014-27699.3Critical CVE-2014-27689.3Critical CVE-2014-27729.3Critical CVE-2014-27739.3Critical CVE-2014-27829.3Critical CVE-2014-27599.3Critical CVE-2014-17949.3Critical CVE-2014-17959.3Critical CVE-2014-17919.3Critical CVE-2014-17929.3Critical CVE-2014-17899.3Critical CVE-2014-17909.3Critical CVE-2014-17869.3Critical CVE-2014-17889.3Critical CVE-2014-17969.3Critical CVE-2014-17979.3Critical CVE-2014-02829.3Critical CVE-2014-17627.5Critical CVE-2014-176410.0Critical CVE-2014-17667.2High CVE-2014-17699.3Critical CVE-2014-17709.3Critical CVE-2014-17716.8High CVE-2014-17729.3Critical CVE-2014-17739.3Critical CVE-2014-27639.3Critical CVE-2014-27649.3Critical CVE-2014-27659.3Critical CVE-2014-27579.3Critical CVE-2014-27589.3Critical CVE-2014-17749.3Critical CVE-2014-27609.3Critical CVE-2014-27619.3Critical CVE-2014-27669.3Critical CVE-2014-27679.3Critical
Microsoft official advisories	Microsoft Security Update Guide
KB list	2963950 2969262 2957689