Microsoft : Security Vulnerabilities Published In 2014
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8454 and CVE-2014-8455.
| Max Base Score | 10.0 |
| Published | 2014-12-10 |
| Updated | 2014-12-12 |
| EPSS | 88.29% |
Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8457 and CVE-2014-8460.
| Max Base Score | 10.0 |
| Published | 2014-12-10 |
| Updated | 2014-12-12 |
| EPSS | 17.76% |
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, and CVE-2014-8461.
| Max Base Score | 10.0 |
| Published | 2014-12-10 |
| Updated | 2014-12-12 |
| EPSS | 78.23% |
Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted HTML document in conjunction with a Cascading Style Sheets (CSS) token sequence specifying the run-in value for the display property, leading to improper CElement reference counting.
| Max Base Score | 6.8 |
| Published | 2014-12-15 |
| Updated | 2015-10-30 |
| EPSS | 5.01% |
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
| Max Base Score | 9.3 |
| Published | 2014-12-11 |
| Updated | 2018-10-12 |
| EPSS | 54.78% |
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, and CVE-2014-9158.
| Max Base Score | 10.0 |
| Published | 2014-12-10 |
| Updated | 2014-12-12 |
| EPSS | 78.23% |
Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8457 and CVE-2014-9159.
| Max Base Score | 10.0 |
| Published | 2014-12-10 |
| Updated | 2014-12-12 |
| EPSS | 69.84% |
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8461, and CVE-2014-9158.
| Max Base Score | 10.0 |
| Published | 2014-12-10 |
| Updated | 2014-12-12 |
| EPSS | 78.23% |
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158.
| Max Base Score | 10.0 |
| Published | 2014-12-10 |
| Updated | 2014-12-12 |
| EPSS | 78.23% |
Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8460 and CVE-2014-9159.
| Max Base Score | 10.0 |
| Published | 2014-12-10 |
| Updated | 2014-12-12 |
| EPSS | 69.84% |
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158.
| Max Base Score | 10.0 |
| Published | 2014-12-10 |
| Updated | 2014-12-12 |
| EPSS | 78.23% |
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8454 and CVE-2014-9165.
| Max Base Score | 10.0 |
| Published | 2014-12-10 |
| Updated | 2014-12-12 |
| EPSS | 88.29% |
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8455 and CVE-2014-9165.
| Max Base Score | 10.0 |
| Published | 2014-12-10 |
| Updated | 2014-12-12 |
| EPSS | 88.29% |
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors.
| Max Base Score | 5.0 |
| Published | 2014-12-10 |
| Updated | 2014-12-12 |
| EPSS | 0.19% |
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
| Max Base Score | 5.0 |
| Published | 2014-12-10 |
| Updated | 2014-12-12 |
| EPSS | 1.18% |
An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8448.
| Max Base Score | 5.0 |
| Published | 2014-12-10 |
| Updated | 2014-12-12 |
| EPSS | 4.62% |
Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.
| Max Base Score | 10.0 |
| Published | 2014-12-10 |
| Updated | 2014-12-12 |
| EPSS | 33.77% |
An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8451.
| Max Base Score | 5.0 |
| Published | 2014-12-10 |
| Updated | 2014-12-12 |
| EPSS | 4.62% |
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158.
| Max Base Score | 10.0 |
| Published | 2014-12-10 |
| Updated | 2014-12-12 |
| EPSS | 78.23% |
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158.
| Max Base Score | 10.0 |
| Published | 2014-12-10 |
| Updated | 2014-12-12 |
| EPSS | 9.40% |
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158.
| Max Base Score | 10.0 |
| Published | 2014-12-10 |
| Updated | 2014-12-12 |
| EPSS | 78.23% |
lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code.
| Max Base Score | 6.8 |
| Published | 2014-10-16 |
| Updated | 2017-09-08 |
| EPSS | 11.08% |
Microsoft Asha OS on the Microsoft Mobile Nokia Asha 501 phone 14.0.4 allows physically proximate attackers to bypass the lock-screen protection mechanism, and read or modify contact information or dial arbitrary telephone numbers, by tapping the SOS Option and then tapping the Green Call Option.
| Max Base Score | 6.6 |
| Published | 2014-09-22 |
| Updated | 2017-09-08 |
| EPSS | 0.04% |
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6327 and CVE-2014-6329.
| Max Base Score | 9.3 |
| Published | 2014-12-11 |
| Updated | 2018-10-12 |
| EPSS | 54.78% |
Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
| Max Base Score | 9.3 |
| Published | 2014-12-11 |
| Updated | 2018-10-12 |
| EPSS | 54.78% |