MS14-035:Internet Explorer 累积安全更新 (2969262)

critical Nessus 插件 ID 74427

简介

远程主机包含受到多种漏洞影响的 Web 浏览器。

描述

远程主机缺少 Internet Explorer (IE) 安全更新 2969262。

远程主机上安装的 Internet Explorer 版本受到多种漏洞的影响,其中多数为远程代码执行漏洞。攻击者只需诱使用户访问某个特别构建的网页即可利用这些漏洞。

解决方案

Microsoft 已发布一系列用于 Internet Explorer 6、7、8、9、10 和 11 的修补程序。

另见

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-035

https://www.securityfocus.com/archive/1/532798/30/0/threaded

https://www.securityfocus.com/archive/1/532799/30/0/threaded

https://www.zerodayinitiative.com/advisories/ZDI-14-194/

https://www.zerodayinitiative.com/advisories/ZDI-14-193/

https://www.zerodayinitiative.com/advisories/ZDI-14-192/

https://www.zerodayinitiative.com/advisories/ZDI-14-191/

https://www.zerodayinitiative.com/advisories/ZDI-14-190/

https://www.zerodayinitiative.com/advisories/ZDI-14-189/

https://www.zerodayinitiative.com/advisories/ZDI-14-188/

https://www.zerodayinitiative.com/advisories/ZDI-14-187/

https://www.zerodayinitiative.com/advisories/ZDI-14-186/

https://www.zerodayinitiative.com/advisories/ZDI-14-185/

https://www.zerodayinitiative.com/advisories/ZDI-14-184/

https://www.zerodayinitiative.com/advisories/ZDI-14-183/

https://www.zerodayinitiative.com/advisories/ZDI-14-182/

https://www.zerodayinitiative.com/advisories/ZDI-14-181/

https://www.zerodayinitiative.com/advisories/ZDI-14-180/

https://www.zerodayinitiative.com/advisories/ZDI-14-179/

https://www.zerodayinitiative.com/advisories/ZDI-14-178/

https://www.zerodayinitiative.com/advisories/ZDI-14-177/

https://www.zerodayinitiative.com/advisories/ZDI-14-176/

https://www.zerodayinitiative.com/advisories/ZDI-14-175/

https://www.zerodayinitiative.com/advisories/ZDI-14-174/

https://www.zerodayinitiative.com/advisories/ZDI-14-140/

插件详情

严重性: Critical

ID: 74427

文件名: smb_nt_ms14-035.nasl

版本: 1.22

类型: local

代理: windows

发布时间: 2014/6/11

最近更新时间: 2019/11/26

支持的传感器: Nessus

风险信息

VPR

风险因素: High

分数: 8.9

CVSS v2

风险因素: Critical

基本分数: 10

时间分数: 8.7

矢量: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS 分数来源: CVE-2014-1764

漏洞信息

CPE: cpe:/o:microsoft:windows, cpe:/a:microsoft:ie

必需的 KB 项: SMB/MS_Bulletin_Checks/Possible

可利用: true

易利用性: Exploits are available

补丁发布日期: 2014/6/10

漏洞发布日期: 2014/5/21

可利用的方式

Core Impact

参考资料信息

CVE: CVE-2014-0282, CVE-2014-1762, CVE-2014-1764, CVE-2014-1766, CVE-2014-1769, CVE-2014-1770, CVE-2014-1771, CVE-2014-1772, CVE-2014-1773, CVE-2014-1774, CVE-2014-1775, CVE-2014-1777, CVE-2014-1778, CVE-2014-1779, CVE-2014-1780, CVE-2014-1781, CVE-2014-1782, CVE-2014-1783, CVE-2014-1784, CVE-2014-1785, CVE-2014-1786, CVE-2014-1788, CVE-2014-1789, CVE-2014-1790, CVE-2014-1791, CVE-2014-1792, CVE-2014-1794, CVE-2014-1795, CVE-2014-1796, CVE-2014-1797, CVE-2014-1799, CVE-2014-1800, CVE-2014-1802, CVE-2014-1803, CVE-2014-1804, CVE-2014-1805, CVE-2014-2753, CVE-2014-2754, CVE-2014-2755, CVE-2014-2756, CVE-2014-2757, CVE-2014-2758, CVE-2014-2759, CVE-2014-2760, CVE-2014-2761, CVE-2014-2763, CVE-2014-2764, CVE-2014-2765, CVE-2014-2766, CVE-2014-2767, CVE-2014-2768, CVE-2014-2769, CVE-2014-2770, CVE-2014-2771, CVE-2014-2772, CVE-2014-2773, CVE-2014-2775, CVE-2014-2776, CVE-2014-2777, CVE-2014-2782

BID: 67295, 67511, 67518, 67544, 67827, 67831, 67833, 67834, 67835, 67836, 67838, 67839, 67840, 67841, 67842, 67843, 67845, 67874, 67875, 67876, 67877, 67878, 67879, 67880, 67881, 67882, 67883, 67884, 67885, 67886, 67887, 67889, 67890, 67891, 67892, 67915, 68101, 67846, 67847, 67848, 67849, 67850, 67851, 67852, 67854, 67855, 67856, 67857, 67858, 67859, 67860, 67861, 67862, 67864, 67866, 67867, 67869, 67871, 67873

CERT: 239151

MSFT: MS14-035

MSKB: 2957689, 2963950