Severity Rating: Critical
Revision Note: V1.1 (June 17, 2014): Corrected the severity table and vulnerability information to add CVE-2014-2782 as a vulnerability addressed by this update. This is an informational change only. Customers who have already successfully installed the update do not need to take any action.
Summary: This security update resolves two publicly disclosed vulnerabilities and fifty-eight privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Monthly Archives: June 2014
CVE-2014-3994 (djblets, reviewboard)
Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user name.
CVE-2014-2176 (asr_9001, asr_9006, asr_9010, asr_9904, asr_9912, asr_9922, ios_xr)
Cisco IOS XR 4.1.2 through 5.1.1 on ASR 9000 devices, when a Trident-based line card is used, allows remote attackers to cause a denial of service (NP chip and line card reload) via malformed IPv6 packets, aka Bug ID CSCun71928.
CVE-2014-3290 (ios_xe)
The mDNS implementation in Cisco IOS XE 3.12S does not properly interact with autonomic networking, which allows remote attackers to obtain sensitive networking-services information by sniffing the network or overwrite networking-services data via a crafted mDNS response, aka Bug ID CSCun64867.
CVE-2014-3295 (nx-os)
The HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows remote attackers to bypass authentication and cause a denial of service (group-member state modification and traffic blackholing) via malformed HSRP packets, aka Bug ID CSCup11309.
Panda Security rewards Beta Tester of the Year with up to €600
Panda Security, The Cloud Security Company, today announced the beta release of Panda Global Protection 2015, its comprehensive anti-malware solution for protecting the information and digital life of home computer users. The new version has more features and is lighter, more secure and more complete than ever before.
This year, everything is new
Panda Global Protection 2015 Beta is the most comprehensive solution in Panda Security’s new retail product line, and includes key improvements from the product’s 2014 version:
- New, more straightforward interface.
- New technological platform that harnesses the power of Panda’s cloud.
- Wi-Fi protection thanks to its firewall and intrusion detection system.
- Parental controls to monitor kids’ browsing habits, giving them the freedom they need with the protection that parents demand.
- Data Shield module to keep confidential documents safe from viruses designed to steal or hijack them.
- New Tuneup module to keep users’ computers clean and tidy. Users won’t see the difference, but they will notice it.
Beta Tester Challenge: exclusive prizes for the community
Along with the release of the beta, Panda Security also announced the launch of a competition with exclusive prizes to reward its beta testers: €600 for the “beta tester of the year”, 9 prizes of €200, and 250 one-year subscriptions to Panda Global Protection 2015 (for 3 devices).
“Beta versions help us ensure our products include every feature demanded by our user community and everything works as requested. Users’ opinions are key to making our products even better, so we listen to and interact with them to make sure our solutions are perfectly suited to their needs”, explained Hervé Lambert, Retail Product Marketing Manager at Panda Security.
“This year’s version has been developed from scratch. Everything is new, and we can safely say that Panda Global Protection 2015 is lighter, more secure and more complete than ever before. In a word, it is clearly better. This is our opinion, and we expect our beta testers to confirm it”, concluded Lambert.
Beta testers who want to submit suggestions, questions and comments to Panda Security can do so through the company’s Beta Forum or via the following email address: [email protected].
CVE-2014-4034 (zerocms)
SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
CVE-2014-1781 (internet_explorer)
Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2014-1792, CVE-2014-1804, and CVE-2014-2770.
CVE-2014-1783 (internet_explorer)
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2014-1773, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.
CVE-2014-1782 (internet_explorer)
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2014-1769, CVE-2014-1785, CVE-2014-2753, CVE-2014-2755, CVE-2014-2760, CVE-2014-2761, CVE-2014-2772, and CVE-2014-2776.