Zero-day Vulnerability Database
Zero-day vulnerabilities discovered: 20
Privilege escalation in Microsoft Windows
CVE-2014-6324
Privilege escalation
The vulnerability allows a remote authenticated attacker to obtain elevated privileges on the target system.The weakness exists due to the failure to properly validate signatures in the Kerberos ticket by the Microsoft Kerberos KDC implementation. A remote attacker can forge a ticket and elevate an unprivileged domain user account to a domain administrator account.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Exploited by Duqu.
The vulnerability was reported by Qualcomm Information Security & Risk Management team.
Software: Windows
The vulnerability was reported by Qualcomm Information Security & Risk Management team.
Links:
https://technet.microsoft.com/library/security/MS14-068
https://blogs.technet.microsoft.com/srd/2014/11/18/additional-information-about-cve-2014-6324/
http://securityaffairs.co/wordpress/30320/security/microsoft-patch-kerberos-bug.html
https://www.symantec.com/security_response/vulnerability.jsp?bid=70958
https://www.netiq.com/communities/cool-solutions/detecting-windows-kerberos-implementation-elevation...
Privilege escalation in Microsoft Windows
CVE-2014-4077
Privilege escalation
The vulnerability allows a remote authenticated attacker to obtain elevated privileges on the target system.The weakness exists due to improper access control in Microsoft implementation of Input Method Editor (IME) for Japanese language. A remote attacker can create a specially crafted file designed to invoke a vulnerable sandboxed application, trick the victim into opening it, gain elevated privileges and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
CVE-2014-4077 used in targeted attack in the wild to bypass Adobe Reader Sandbox via binary hijacking using malicious DIC file.
Software: Windows
Remote code execution in Microsoft Windows
CVE-2014-6352
Code injection
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to an error when handling malicious Office files. A remote attacker can create a specially crafted Microsoft Office file containing the malicious OLE object, trick the victim into opening it and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Microsoft first received information about this vulnerability through coordinated vulnerability disclosure. Zero-day was initially found and reported to McAfee by James Forshaw of Google Project Zero.
The vulnerability is publicly known as "Sandworm" and has been exploited by the Chinese against Taiwan.
Software: Windows
Known/fameous malware:
Trojan.Mdropper. (Symantec).
The vulnerability is publicly known as "Sandworm" and has been exploited by the Chinese against Taiwan.
Links:
https://technet.microsoft.com/en-us/library/security/ms14-064
http://blog.trendmicro.com/trendlabs-security-intelligence/microsoft-windows-hit-by-new-zero-day-att...
https://malwarelist.net/2014/10/22/cve-2014-6352-critical-vulnerability-in-microsoft-windows/
https://www.symantec.com/connect/blogs/attackers-circumvent-patch-windows-sandworm-vulnerability
http://www.theregister.co.uk/2014/10/22/powerpoint_attacks_exploit_ms_0day/
http://www.computerworld.com/article/2837084/microsoft-misses-windows-bug-hackers-slip-past-patch.ht...
https://nakedsecurity.sophos.com/2014/10/24/has-the-sandworm-exploit-burrowed-back/
http://www.eweek.com/security/microsoft-patches-33-vulnerabilities-in-november-patch-tuesday-update....
https://techtalk.gfi.com/the-lesson-of-sandworm-patched-but-not-protected/
Multiple vulnerabilities in Microsoft Internet Explorer
CVE-2014-4123
Privilege escalation
The vulnerability allows a remote attacker to obtain elevated privileges on the target system.The weakness exists due to the failure to properly validate permissions. A remote attacker can gain elevated privileges and execute arbitrary code on the affected system.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
CrowdStrike first detected the attacks in spring.
The zero-day reported by CrowdStrike was also reported by FireEye.
The issue has been introduced in 07/27/2005.
The vulnerability was handled as a non-public zero-day exploit for at least 3366 days.
Exploited by Hurricane Panda.
Software: Microsoft Internet Explorer
The zero-day reported by CrowdStrike was also reported by FireEye.
The issue has been introduced in 07/27/2005.
The vulnerability was handled as a non-public zero-day exploit for at least 3366 days.
Exploited by Hurricane Panda.
Links:
https://blogs.technet.microsoft.com/srd/2014/10/14/assessing-risk-for-the-october-2014-security-upda...
https://technet.microsoft.com/library/security/ms14-056
https://blog.qualys.com/laws-of-vulnerabilities/2014/10/14/october-2014-patch-tuesday
https://www.symantec.com/security_response/vulnerability.jsp?bid=70326
http://www.darkreading.com/attacks-breaches/hurricane-panda-cyberspies-used-windows-zero-day-for-mon...
https://computerobz.wordpress.com/2014/10/22/october-2014-patch-tuesday-addresses-four-active-zero-d...
Remote code execution in Microsoft Windows
CVE-2014-4148
Improper input validation
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to improper input validation when processing TrueType fonts in kernel-mode driver (win32k.sys). A remote attacker can create a specially crafted font file, place it on a web page, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The vulnerability was highly exploited by advanced adversary group named HURRICANE PANDA.
Software: Windows
Links:
https://www.fireeye.com/blog/threat-research/2014/10/two-targeted-attacks-two-new-zero-days.html
https://technet.microsoft.com/en-us/library/security/ms14-058.aspx
http://security.stackexchange.com/questions/92164/the-way-vulnerabilities-like-cve-2014-4148-are-dis...
https://www.scmagazine.com/zero-day-attackers-exploit-windows-kernel-patch-tuesday-brings-fix/articl...
http://www.securityweek.com/multiple-patch-tuesday-vulnerabilities-under-attack
http://www.capitalcomputercentre.com/best-way-to-remove-s3traypd-exeexp-cve-2014-4148-exp-cve-2014-4...
Remote code execution in Microsoft Windows
CVE-2014-4114
Improper input validation
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to an error when processing OLE objects. A remote attacker can create a specially crafted OLE object, attach it to a document (e.g. PowerPoint file), trick the victim into opening it and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The zero-day vulnerability is being claimed to have been used in early September in possible campaigns against NATO, Ukrainian government
organizations, Western European government organization, Energy Sector firms (specifically in Poland), European telecommunications firms, United States academic organizations.
Files in the SandWorm exploit hilighted by iSIGHT Partners include a malicious executable from a known malware family, namely the BlackEnergy Trojan.
Software: Windows
Known/fameous malware:
Dyreza Trojan.
SandWorm
BlackEnergy Trojan.
Files in the SandWorm exploit hilighted by iSIGHT Partners include a malicious executable from a known malware family, namely the BlackEnergy Trojan.
Links:
https://technet.microsoft.com/en-us/library/security/ms14-060
http://blog.trendmicro.com/trendlabs-security-intelligence/an-analysis-of-windows-zero-day-vulnerabi...
https://citizenlab.org/2015/06/targeted-attacks-against-tibetan-and-hong-kong-groups-exploiting-cve-...
http://security.stackexchange.com/questions/70894/windows-ole-vulnerability-cve-2014-4114-sandworm
http://thehackernews.com/2014/10/microsoft-windows-zero-day_13.html
https://www.cyphort.com/cve-2014-4114-sandworm-worm/
https://www.symantec.com/security_response/writeup.jsp?docid=2014-102322-3150-99
https://www.symantec.com/connect/blogs/sandworm-windows-zero-day-vulnerability-being-actively-exploi...
https://threatpost.com/dyreza-banker-trojan-attackers-exploiting-cve-2014-4114-windows-flaw/109071/
Privilege escalation in Microsoft Windows
CVE-2014-4113
Privilege escalation
The vulnerability allows a local attacker to obtain elevated privileges on the target system.The weakness exists due to improper handling of objects in memory by kernel-mode driver (win32k.sys). A local attacker can run a specially crafted application to gain elevated privileges and take complete control of the system.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The vulnerability was apparently found and reported to Microsoft by both СrowdStrike and FireEye.
The vulnerability has been actively exploited in the wild for at least five month by highly advanced adversary group named HURRICANE PANDA.
Software: Windows
Known/fameous malware:
Nuclear Exploit Kit.
The vulnerability has been actively exploited in the wild for at least five month by highly advanced adversary group named HURRICANE PANDA.
Links:
https://technet.microsoft.com/en-us/library/security/ms14-058
https://dl.packetstormsecurity.net/papers/attack/CVE-2014-4113.pdf
https://www.crowdstrike.com/blog/crowdstrike-discovers-use-64-bit-zero-day-privilege-escalation-expl...
https://www.fireeye.com/blog/threat-research/2014/10/two-targeted-attacks-two-new-zero-days.html
http://blog.trendmicro.com/trendlabs-security-intelligence/an-analysis-of-a-windows-kernel-mode-vuln...
http://securityaffairs.co/wordpress/29270/security/microsoft-fixes-3-zero-day.html
http://www.securityweek.com/multiple-patch-tuesday-vulnerabilities-under-attack
https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-lab-exploiting-cve-2014-4113.pdf
Information disclosure in Microsoft Internet Explorer
CVE-2013-7331
Information disclosure
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.The weakness exists due to information disclosure vulnerability in Microsoft XMLDOM ActiveX component. A remote attacker can create a specially crafted Web page, trick the victim into visiting it and check for the presence of local drive letters, directory names, files, as well as internal network addresses or websites.
Successful exploitation of the vulnerability results in information disclosure on the vulnerable system.
Note: the vulnerability was being actively exploited.
PoC-code for this vulnerability was available since at least April 25, 2013.
Software: Microsoft Internet Explorer
Known/fameous malware:
Exploit kits: Angler, Rig, Nuclear, Styx.
Links:
https://technet.microsoft.com/en-us/library/security/ms14-052.aspx
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=70103
http://www.securityweek.com/microsoft-patches-internet-explorer-vulnerability-targeted-attackers
http://www.pcworld.com/article/2604688/internet-explorer-steals-the-patch-tuesday-spotlight-again.ht...
http://www.csoonline.com/article/2607297/data-protection/microsoft-patch-fixed-ie-flaw-used-against-...
https://securelist.com/blog/software/66474/microsoft-updates-september-2014-apt-loses-a-trick-remini...
https://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-evolution-of-...
https://labs.bromium.com/2014/09/16/pirates-of-the-internetz-the-curse-of-the-waterhole/
https://www.scmagazine.com/watering-hole-attack-targets-website-visitors-of-oil-and-gas-start-up/art...
http://www.scmagazineuk.com/rsa-2016-fingerprinting-the-latest-twist-used-for-malvertising-attacks/a...
Privilege escalation in Microsoft Internet Explorer
CVE-2014-2817
Privelege escalation
The vulnerability allows a remote attacker to obtain elevated privileges on the target system.The weakness exists due to the failure to properly validate permissions. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, gain elevated privileges and execute arbitrary code on the affected system.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Software: Microsoft Internet Explorer
Security bypass in Microsoft Office
CVE-2014-1809
Security bypass
The vulnerability allows a remote attacker to bypass security restrictions on the target system.The weakness exists due to improper implementation of Address Space Layout Randomization (ASLR) features in MSCOMCTL. By persuading a victim to visit a specially-crafted Web site or open an application or Office document with a specially-crafted ActiveX control embedded within it, an attacker could exploit this vulnerability to bypass ASLR and execute another attack that otherwise would have been blocked by ASLR.
Successful exploitation of the vulnerability results in security bypass on the vulnerable system.
Note: the vulnerability was being actively exploited.
The issue has been introduced in 01/30/2007.
Software: Microsoft Office
Privilege escalation in Microsoft Windows
CVE-2014-1812
Privilege escalation
The vulnerability allows a remote authenticated attacker to obtain elevated privileges on the target system.The weakness exists due to the method passwords are distributed when configured using group policy preference. A remote authenticated attacker can obtain sensitive credential information and consequently gain privileges by leveraging access to the SYSVOL share.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Software: Windows
Links:
https://technet.microsoft.com/en-us/library/security/ms14-025
https://dirteam.com/sander/2014/05/23/security-thoughts-passwords-in-group-policy-preferences-cve-20...
https://www.tripwire.com/state-of-security/vulnerability-management/vert-alert-may-2014-microsoft-pa...
https://www.sophos.com/en-us/threat-center/threat-analyses/vulnerabilities/VET-000604.aspx
Two remote code execution vulnerabilities in Microsoft Internet Explorer
CVE-2014-1815
“Use-after-free†error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to use-after-free error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
CVE-2014-1815 was reported to Microsoft by Clement Lecigne, a security engineer who works for Google in its Swiss office.
The vulnerability was used in the phishing campaign started on or about July 21, 2014 and primarily targeting the energy industry.
Software: Microsoft Internet Explorer
The vulnerability was used in the phishing campaign started on or about July 21, 2014 and primarily targeting the energy industry.
Links:
https://technet.microsoft.com/en-us/library/security/ms14-029
https://www.symantec.com/security_response/writeup.jsp?docid=2014-051503-4437-99
https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=721
http://researchcenter.paloaltonetworks.com/2014/07/beginning-end-use-free-exploitation/
http://blog.trendmicro.com/trendlabs-security-intelligence/may-2014-patch-tuesday-rolls-out-8-bullet...
http://www.securityweek.com/microsoft-adobe-patch-critical-security-vulnerabilities
Privilege escalation in Microsoft Windows
CVE-2014-1807
Privilege escalation
The vulnerability allows a local attacker to obtain elevated privileges on the target system.The weakness exists due to improper use of the ShellExecute API function. A local attacker can run a specially crafted application within the context of the Local System account and gain elevated privileges.
Successful exploitation of the vulnerability results in privilege escalation on the vulnerable system.
Note: the vulnerability was being actively exploited.
Software: Windows
Remote code execution in Microsoft Internet Explorer
CVE-2014-1776
“Use-after-free†error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to use-after-free error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The vulnerability uses a heap-spray technique. Used in Pawn Storm campaign.
Used by APT groups.
Software: Microsoft Internet Explorer
Used by APT groups.
Links:
https://technet.microsoft.com/en-US/library/security/2963983
https://technet.microsoft.com/en-us/library/security/ms14-021.aspx
https://www.fireeye.com/blog/threat-research/2014/04/new-zero-day-exploit-targeting-internet-explore...
https://blog.fortinet.com/2014/05/27/a-technical-analysis-of-cve-2014-1776
https://www.symantec.com/connect/blogs/emerging-threat-microsoft-internet-explorer-zero-day-cve-2014...
https://support.norton.com/sp/en/us/home/current/solutions/v98738922_EndUserProfile_en_us
https://www.trustwave.com/Resources/SpiderLabs-Blog/Microsoft-Internet-Explorer-0-Day-(CVE-2014-1776...
https://www.cyphort.com/dig-deeper-ie-vulnerability-cve-2014-1776-exploit/
http://researchcenter.paloaltonetworks.com/2014/05/tale-3-vulnerabilities-cve-2014-1776-exploit-link...
http://blog.trendmicro.com/trendlabs-security-intelligence/internet-explorer-zero-day-hits-all-versi...
https://www.beyondtrust.com/blog/internet-explorer-0day-cve-2014-1776/
http://thehackernews.com/2014/04/new-zero-day-vulnerability-cve-2014.html
https://krebsonsecurity.com/tag/cve-2014-1776/
Multiple vulnerabilities in Microsoft Word and Office Web Apps
CVE-2014-1761
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to boundary error when handling RTF-formatted data. A remote attacker can create a specially crafted RTF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Used in Pawn Storm campaign, attacks against government agencies in Taiwan.
Software: Microsoft Office
Known/fameous malware:
Trojans like Dridex or Dyreza and ransomware like cryptolocker or Teslacrypt.
Links:
https://technet.microsoft.com/en-us/library/security/2953095.aspx
https://technet.microsoft.com/en-us/library/security/ms14-017
https://securingtomorrow.mcafee.com/mcafee-labs/close-look-rtf-zero-day-attack-cve-2014-1761-shows-s...
https://community.hpe.com/t5/Security-Research/Technical-Analysis-of-CVE-2014-1761-RTF-Vulnerability...
https://www.trustwave.com/Resources/SpiderLabs-Blog/Microsoft-Word-RTF-0-Day-(CVE-2014-1761)/
http://stopmalvertising.com/malware-reports/a-closer-look-at-cve-2014-1761.html
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2014/june/extracting-the-payload-fr...
https://blog.cylance.com/infinity-vs-the-real-world-ms-word-vulnerability-cve-2014-1761
https://myonlinesecurity.co.uk/reswift-copy-word-doc-malware-cve-2014-1761-exploit/
https://www.symantec.com/connect/blogs/emerging-threat-microsoft-word-zero-day-cve-2014-1761-remote-...
https://avstrike.wordpress.com/2015/05/05/exploit-cve-2014-1761-gen-removal-guide-2/
http://www.securityweek.com/new-microsoft-word-zero-day-used-targeted-attacks
https://blog.yoocare.com/remove-exploit-cve-2014-1761-gen/
https://www.crowdstrike.com/blog/cve-2014-1761-alley-compromise/
http://arstechnica.com/security/2014/03/zero-day-vulnerability-in-microsoft-word-under-active-attack...
Remote code execution in Microsoft Internet Explorer
CVE-2014-0324
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to boundary error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
On Feb. 11, FireEye researchers identified a zero-day exploit in Internet Explorer 10.
The exploit was being used in Operation SnowMan that compromised the U.S. Veterans of Foreign Wars website.
Software: Microsoft Internet Explorer
Known/fameous malware:
Elderwood exploit kit.
The exploit was being used in Operation SnowMan that compromised the U.S. Veterans of Foreign Wars website.
Links:
https://technet.microsoft.com/en-us/library/security/ms14-012.aspx
https://www.symantec.com/security_response/vulnerability.jsp?bid=66040
http://researchcenter.paloaltonetworks.com/2014/07/beginning-end-use-free-exploitation/
http://www.computerworld.com/article/2489451/malware-vulnerabilities/-elderwood--hackers-still-setti...
http://www.darkreading.com/researchers-recent-zero-day-attacks-linked-via-common-exploit-package/d/d...
https://ae.norton.com/security_response/print_writeup.jsp?docid=2014-031311-2821-99
https://hackermedicine.com/how-the-elderwood-platform-is-fueling-2014s-zero-day-attacks/
http://104.239.158.70/elderwood-attack-platform-linked-multiple-internet-explorer-zero-day-attacks-s...
http://www.cio.com/article/2376236/security0/-elderwood--hackers-continue-to-set-pace-for-zero-day-e...
https://www.symantec.com/connect/blogs/attackers-targeting-other-ie-zero-day-vulnerability-covered-m...
https://www.symantec.com/connect/blogs/operation-backdoor-cut-targeted-basketball-community-ie-zero-...
Remote code execution in Microsoft Internet Explorer
CVE-2014-0307
“Use-after-free†error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to use-after-free when accessing an object in memory. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The flaw was most likely introduced in August 2013. The vulnerability was reported to vendor - 2014-02-04.
Private fully functional exploit code existed long before the vendor released security patch. We consider this vulnerability a zero-day.
Software: Microsoft Internet Explorer
Known/fameous malware:
JS/Exploit.CVE-2014-0307.
Private fully functional exploit code existed long before the vendor released security patch. We consider this vulnerability a zero-day.
Links:
https://technet.microsoft.com/library/security/ms14-012
https://www.symantec.com/security_response/vulnerability.jsp?bid=66032
http://ec2-75-101-158-109.compute-1.amazonaws.com/news/stories/33351-microsoft-internet-explorer-mem...
http://www.csoonline.com/article/2888040/cyber-attacks-espionage/the-top-software-exploit-of-2014-th...
http://www.techcentral.ie/top-exploit-2014-stuxnet-2010/
https://github.com/CCrashBandicot/helpful/blob/master/CVE-2014-0307.rb
Remote code execution in Microsoft Internet Explorer
CVE-2014-0322
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to use-after-free error related to GIFAS. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
A zero-day exploit hosted on a breached website based in the U.S Military. The vulnerability was used in the wild as part of "Operation SnowMan".
Software: Microsoft Internet Explorer
Known/fameous malware:
Trojan.Malscript
Trojan.Swifi.
Backdoor.Moudoor
Elderwood exploit kit.
Links:
https://technet.microsoft.com/library/security/2934088
https://www.fireeye.com/blog/threat-research/2014/02/new-ie-zero-day-found-in-watering-hole-attack-2...
http://securityaffairs.co/wordpress/25002/hacking/elderwood-platform-still-active.html
https://technet.microsoft.com/en-us/library/security/ms14-012.aspx
https://www.symantec.com/connect/blogs/emerging-threat-ms-ie-10-zero-day-cve-2014-0322-use-after-fre...
https://labs.bromium.com/2014/02/25/dissecting-the-newest-ie10-0-day-exploit-cve-2014-0322/
http://thehackernews.com/2014/02/cve-2014-0322-internet-explorer-zero.html
https://blogs.forcepoint.com/security-labs/cyber-criminals-expand-use-cve-2014-0322-patch-tuesday
http://securityaffairs.co/wordpress/22224/cyber-crime/fireeye-watering-hole-attack.html
http://www.zdnet.com/article/new-internet-explorer-10-zero-day-exploit-targets-u-s-military/
http://www.eweek.com/blogs/security-watch/microsoft-ie-zero-day-exploited-in-the-wild.html
http://54.204.81.18/news/stories/269204-cyber-criminals-expand-use-of-cve-2014-0322-before-patch-tue...
Multiple vulnerabilities in Microsoft .NET Framework
CVE-2014-0295
ASLR bypass
The vulnerability allows a remote attacker to bypass security restrictions on the target system.The weakness exists due to missing Address Space Layout Randomization (ASLR) features in certain components. A remote attacker can create a specially crafted Web site, trick the victim into opening it, bypass security restrictions and execute another attack.
Successful exploitation of the vulnerability results in security bypass on the vulnerable system.
Note: the vulnerability was being actively exploited.
Software: Microsoft .NET Framework
Information disclosure in Microsoft XML Core Services
CVE-2014-0266
Information disclosure
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.The weakness exists due to improper enforcement of cross-domain policies. A remote attacker can create a specially crafted Web page, trick the victim into visiting it using Internet Explorer, bypass cross-domain security restrictions and read local files or content from web domains the victim is authenticated with.
Successful exploitation of the vulnerability results in information disclosure on the vulnerable system.
Note: the vulnerability was being actively exploited.
Microsoft and FireEye first discussed this issue in November, 2013.
Software: Microsoft XML Core Services