Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2783

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2014-2783
Last Modified 17 Jul 2014 01:06:25
Published 08 Jul 2014 06:55:06
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-2783

Summary

Microsoft Internet Explorer 7 through 11 does not prevent use of wildcard EV SSL certificates, which might allow remote attackers to spoof a trust level by leveraging improper issuance of a wildcard certificate by a recognized Certification Authority, aka "Extended Validation (EV) Certificate Security Feature Bypass Vulnerability."

Vulnerable Systems

Application

  • Microsoft Internet Explorer 10

  • Microsoft Internet Explorer 11

  • Microsoft Internet Explorer 7

  • Microsoft Internet Explorer 8

  • Microsoft Internet Explorer 9


References

MS - MS14-037

SECTRACK - 1030532

BID - 68391

SECUNIA - 59775

Related Patches

MS14-037 Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 (KB2962872)

MS14-037 Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 (KB2962872)

MS14-037 Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 (KB2962872)

MS14-037 Cumulative Security Update for Internet Explorer 8 for Windows Server 2008 (KB2962872)

MS14-037 Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 (KB2962872)

MS14-037 Cumulative Security Update for Internet Explorer 7 for Windows Server 2008 (KB2962872)

MS14-037 Cumulative Security Update for Internet Explorer 8 for Windows Vista (KB2962872)

MS14-037 Cumulative Security Update for Internet Explorer 9 for Windows Vista (KB2962872)

MS14-037 Cumulative Security Update for Internet Explorer 7 for Windows Vista (KB2962872)

MS14-037 Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 x64 (KB2962872)

MS14-037 Cumulative Security Update for Internet Explorer 8 for Windows Server 2008 x64 (KB2962872)

MS14-037 Cumulative Security Update for Internet Explorer 7 for Windows Server 2008 x64 (KB2962872)

MS14-037 Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 x64 (KB2962872)

MS14-037 Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 x64 (KB2962872)

MS14-037 Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 (KB2962872)

MS14-037 Cumulative Security Update for Internet Explorer 7 for Windows Vista x64 (KB2962872)

MS14-037 Cumulative Security Update for Internet Explorer 8 for Windows Vista x64 (KB2962872)

MS14-037 Cumulative Security Update for Internet Explorer 9 for Windows Vista x64 (KB2962872)

MS14-037 Cumulative Security Update for Internet Explorer 8 for WEPOS and POSReady 2009 (KB2962872)

MS14-037 Cumulative Security Update for Internet Explorer 7 for WEPOS and POSReady 2009 (KB2962872)


Last Updated: 27 May 2016 11:05:48