=====================================================================

                           CERT-Renater

               Note d'Information No. 2014/VULN096
_____________________________________________________________________

DATE                : 10/04/2014

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Internet Explorer version 6, 7, 8,
                                      9, 11.

======================================================================
KB2950467
http://technet.microsoft.com/en-us/security/bulletin/ms14-018
______________________________________________________________________

Microsoft Security Bulletin MS14-018 - Critical Cumulative Security
Update for Internet Explorer (2950467)

Published Date: April 8, 2014

Version: 1.0

General Information

Executive Summary

This security update resolves six privately reported vulnerabilities in
Internet Explorer. These vulnerabilities could allow remote code
execution if a user views a specially crafted webpage using
Internet Explorer. An attacker who successfully exploited these
vulnerabilities could gain the same user rights as the current user.
Users whose accounts are configured to have fewer user rights on
the system could be less impacted than users who operate with
administrative user rights.

This security update is rated Critical for Internet Explorer 6,
Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, and
Internet Explorer 11 on affected Windows clients, and Moderate
for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8,
Internet Explorer 9, and Internet Explorer 11 on affected Windows
servers.


Affected Software

Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9
Internet Explorer 11


Vulnerability Information

Multiple Memory Corruption Vulnerabilities in Internet Explorer -
CVE-2014-0235, CVE-2014-1751,
CVE-2014-1752, CVE-2014-1753, CVE-2014-1755, CVE-2014-1760

Remote code execution vulnerabilities exist when Internet Explorer
improperly accesses objects in memory. These vulnerabilities could
corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user


=========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================