Vulnerability-Lookup

CVE-2014-6332 (GCVE-0-2014-6332)

Vulnerability from cvelistv5 – Published: 2014-11-11 22:00 – Updated: 2025-10-22 00:05

Summary

OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka "Windows OLE Automation Array Remote Code Execution Vulnerability."

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Assigner

microsoft

References

URL

Tags

	https://www.exploit-db.com/exploits/37668/	exploitx_refsource_EXPLOIT-DB
	https://www.exploit-db.com/exploits/37800/	exploitx_refsource_EXPLOIT-DB
	http://www.kb.cert.org/vuls/id/158647	third-party-advisoryx_refsource_CERT-VN
	https://www.exploit-db.com/exploits/38512/	exploitx_refsource_EXPLOIT-DB
	http://www.us-cert.gov/ncas/alerts/TA14-318B	third-party-advisoryx_refsource_CERT
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://packetstormsecurity.com/files/134062/HTML-…	x_refsource_MISC
	http://www.securityfocus.com/bid/70952	vdb-entryx_refsource_BID
	http://packetstormsecurity.com/files/134064/Micro…	x_refsource_MISC
	http://packetstormsecurity.com/files/134053/Avant…	x_refsource_MISC
	http://www.securitytracker.com/id/1031184	vdb-entryx_refsource_SECTRACK
	http://packetstormsecurity.com/files/134061/The-W…	x_refsource_MISC
	https://forsec.nl/wp-content/uploads/2014/11/ms14…	x_refsource_MISC
	http://packetstormsecurity.com/files/134079/Winam…	x_refsource_MISC
	http://securityintelligence.com/ibm-x-force-resea…	x_refsource_MISC
	https://www.exploit-db.com/exploits/38500/	exploitx_refsource_EXPLOIT-DB

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T12:10:13.255Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "37668",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/37668/"
          },
          {
            "name": "37800",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/37800/"
          },
          {
            "name": "VU#158647",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/158647"
          },
          {
            "name": "38512",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/38512/"
          },
          {
            "name": "TA14-318B",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/ncas/alerts/TA14-318B"
          },
          {
            "name": "MS14-064",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-064"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/134062/HTML-Compiler-Remote-Code-Execution.html"
          },
          {
            "name": "70952",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/70952"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/134064/Microsoft-Compiled-HTML-Help-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/134053/Avant-Browser-Lite-Ultimate-Remote-Code-Execution.html"
          },
          {
            "name": "1031184",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031184"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/134061/The-World-Browser-3.0-Final-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://forsec.nl/wp-content/uploads/2014/11/ms14_064_ie_olerce.rb_.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/134079/Winamp-Bento-Browser-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://securityintelligence.com/ibm-x-force-researcher-finds-significant-vulnerability-in-microsoft-windows"
          },
          {
            "name": "38500",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/38500/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2014-6332",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-10T20:43:30.345488Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-03-25",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-6332"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-22T00:05:34.718Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-6332"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-03-25T00:00:00.000Z",
            "value": "CVE-2014-6332 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-11-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka \"Windows OLE Automation Array Remote Code Execution Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01.000Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "37668",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/37668/"
        },
        {
          "name": "37800",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/37800/"
        },
        {
          "name": "VU#158647",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/158647"
        },
        {
          "name": "38512",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/38512/"
        },
        {
          "name": "TA14-318B",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/ncas/alerts/TA14-318B"
        },
        {
          "name": "MS14-064",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-064"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/134062/HTML-Compiler-Remote-Code-Execution.html"
        },
        {
          "name": "70952",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/70952"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/134064/Microsoft-Compiled-HTML-Help-Remote-Code-Execution.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/134053/Avant-Browser-Lite-Ultimate-Remote-Code-Execution.html"
        },
        {
          "name": "1031184",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031184"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/134061/The-World-Browser-3.0-Final-Remote-Code-Execution.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://forsec.nl/wp-content/uploads/2014/11/ms14_064_ie_olerce.rb_.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/134079/Winamp-Bento-Browser-Remote-Code-Execution.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://securityintelligence.com/ibm-x-force-researcher-finds-significant-vulnerability-in-microsoft-windows"
        },
        {
          "name": "38500",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/38500/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2014-6332",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka \"Windows OLE Automation Array Remote Code Execution Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "37668",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/37668/"
            },
            {
              "name": "37800",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/37800/"
            },
            {
              "name": "VU#158647",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/158647"
            },
            {
              "name": "38512",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/38512/"
            },
            {
              "name": "TA14-318B",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/ncas/alerts/TA14-318B"
            },
            {
              "name": "MS14-064",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-064"
            },
            {
              "name": "http://packetstormsecurity.com/files/134062/HTML-Compiler-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/134062/HTML-Compiler-Remote-Code-Execution.html"
            },
            {
              "name": "70952",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/70952"
            },
            {
              "name": "http://packetstormsecurity.com/files/134064/Microsoft-Compiled-HTML-Help-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/134064/Microsoft-Compiled-HTML-Help-Remote-Code-Execution.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/134053/Avant-Browser-Lite-Ultimate-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/134053/Avant-Browser-Lite-Ultimate-Remote-Code-Execution.html"
            },
            {
              "name": "1031184",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031184"
            },
            {
              "name": "http://packetstormsecurity.com/files/134061/The-World-Browser-3.0-Final-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/134061/The-World-Browser-3.0-Final-Remote-Code-Execution.html"
            },
            {
              "name": "https://forsec.nl/wp-content/uploads/2014/11/ms14_064_ie_olerce.rb_.txt",
              "refsource": "MISC",
              "url": "https://forsec.nl/wp-content/uploads/2014/11/ms14_064_ie_olerce.rb_.txt"
            },
            {
              "name": "http://packetstormsecurity.com/files/134079/Winamp-Bento-Browser-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/134079/Winamp-Bento-Browser-Remote-Code-Execution.html"
            },
            {
              "name": "http://securityintelligence.com/ibm-x-force-researcher-finds-significant-vulnerability-in-microsoft-windows",
              "refsource": "MISC",
              "url": "http://securityintelligence.com/ibm-x-force-researcher-finds-significant-vulnerability-in-microsoft-windows"
            },
            {
              "name": "38500",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/38500/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2014-6332",
    "datePublished": "2014-11-11T22:00:00.000Z",
    "dateReserved": "2014-09-11T00:00:00.000Z",
    "dateUpdated": "2025-10-22T00:05:34.718Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2014-6332",
      "cwes": "[\"CWE-119\"]",
      "dateAdded": "2022-03-25",
      "dueDate": "2022-04-15",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2014-6332",
      "product": "Windows",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "OleAut32.dll in OLE in Microsoft Windows allows remote attackers to remotely execute code via a crafted web site.",
      "vendorProject": "Microsoft",
      "vulnerabilityName": "Microsoft Windows Object Linking \u0026 Embedding (OLE) Automation Array Remote Code Execution Vulnerability"
    },
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.exploit-db.com/exploits/37668/\", \"name\": \"37668\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\", \"x_transferred\"]}, {\"url\": \"https://www.exploit-db.com/exploits/37800/\", \"name\": \"37800\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\", \"x_transferred\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/158647\", \"name\": \"VU#158647\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\", \"x_transferred\"]}, {\"url\": \"https://www.exploit-db.com/exploits/38512/\", \"name\": \"38512\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\", \"x_transferred\"]}, {\"url\": \"http://www.us-cert.gov/ncas/alerts/TA14-318B\", \"name\": \"TA14-318B\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\", \"x_transferred\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-064\", \"name\": \"MS14-064\", \"tags\": [\"vendor-advisory\", \"x_refsource_MS\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/134062/HTML-Compiler-Remote-Code-Execution.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/70952\", \"name\": \"70952\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/134064/Microsoft-Compiled-HTML-Help-Remote-Code-Execution.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/134053/Avant-Browser-Lite-Ultimate-Remote-Code-Execution.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id/1031184\", \"name\": \"1031184\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/134061/The-World-Browser-3.0-Final-Remote-Code-Execution.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://forsec.nl/wp-content/uploads/2014/11/ms14_064_ie_olerce.rb_.txt\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/134079/Winamp-Bento-Browser-Remote-Code-Execution.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://securityintelligence.com/ibm-x-force-researcher-finds-significant-vulnerability-in-microsoft-windows\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.exploit-db.com/exploits/38500/\", \"name\": \"38500\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-06T12:10:13.255Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2014-6332\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-10T20:43:30.345488Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-03-25\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-6332\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2022-03-25T00:00:00.000Z\", \"value\": \"CVE-2014-6332 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-6332\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-119\", \"description\": \"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-10T20:43:05.849Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2014-11-11T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.exploit-db.com/exploits/37668/\", \"name\": \"37668\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\"]}, {\"url\": \"https://www.exploit-db.com/exploits/37800/\", \"name\": \"37800\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/158647\", \"name\": \"VU#158647\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\"]}, {\"url\": \"https://www.exploit-db.com/exploits/38512/\", \"name\": \"38512\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\"]}, {\"url\": \"http://www.us-cert.gov/ncas/alerts/TA14-318B\", \"name\": \"TA14-318B\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-064\", \"name\": \"MS14-064\", \"tags\": [\"vendor-advisory\", \"x_refsource_MS\"]}, {\"url\": \"http://packetstormsecurity.com/files/134062/HTML-Compiler-Remote-Code-Execution.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://www.securityfocus.com/bid/70952\", \"name\": \"70952\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"http://packetstormsecurity.com/files/134064/Microsoft-Compiled-HTML-Help-Remote-Code-Execution.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://packetstormsecurity.com/files/134053/Avant-Browser-Lite-Ultimate-Remote-Code-Execution.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://www.securitytracker.com/id/1031184\", \"name\": \"1031184\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"http://packetstormsecurity.com/files/134061/The-World-Browser-3.0-Final-Remote-Code-Execution.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://forsec.nl/wp-content/uploads/2014/11/ms14_064_ie_olerce.rb_.txt\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://packetstormsecurity.com/files/134079/Winamp-Bento-Browser-Remote-Code-Execution.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://securityintelligence.com/ibm-x-force-researcher-finds-significant-vulnerability-in-microsoft-windows\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.exploit-db.com/exploits/38500/\", \"name\": \"38500\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka \\\"Windows OLE Automation Array Remote Code Execution Vulnerability.\\\"\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2018-10-12T19:57:01.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://www.exploit-db.com/exploits/37668/\", \"name\": \"37668\", \"refsource\": \"EXPLOIT-DB\"}, {\"url\": \"https://www.exploit-db.com/exploits/37800/\", \"name\": \"37800\", \"refsource\": \"EXPLOIT-DB\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/158647\", \"name\": \"VU#158647\", \"refsource\": \"CERT-VN\"}, {\"url\": \"https://www.exploit-db.com/exploits/38512/\", \"name\": \"38512\", \"refsource\": \"EXPLOIT-DB\"}, {\"url\": \"http://www.us-cert.gov/ncas/alerts/TA14-318B\", \"name\": \"TA14-318B\", \"refsource\": \"CERT\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-064\", \"name\": \"MS14-064\", \"refsource\": \"MS\"}, {\"url\": \"http://packetstormsecurity.com/files/134062/HTML-Compiler-Remote-Code-Execution.html\", \"name\": \"http://packetstormsecurity.com/files/134062/HTML-Compiler-Remote-Code-Execution.html\", \"refsource\": \"MISC\"}, {\"url\": \"http://www.securityfocus.com/bid/70952\", \"name\": \"70952\", \"refsource\": \"BID\"}, {\"url\": \"http://packetstormsecurity.com/files/134064/Microsoft-Compiled-HTML-Help-Remote-Code-Execution.html\", \"name\": \"http://packetstormsecurity.com/files/134064/Microsoft-Compiled-HTML-Help-Remote-Code-Execution.html\", \"refsource\": \"MISC\"}, {\"url\": \"http://packetstormsecurity.com/files/134053/Avant-Browser-Lite-Ultimate-Remote-Code-Execution.html\", \"name\": \"http://packetstormsecurity.com/files/134053/Avant-Browser-Lite-Ultimate-Remote-Code-Execution.html\", \"refsource\": \"MISC\"}, {\"url\": \"http://www.securitytracker.com/id/1031184\", \"name\": \"1031184\", \"refsource\": \"SECTRACK\"}, {\"url\": \"http://packetstormsecurity.com/files/134061/The-World-Browser-3.0-Final-Remote-Code-Execution.html\", \"name\": \"http://packetstormsecurity.com/files/134061/The-World-Browser-3.0-Final-Remote-Code-Execution.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://forsec.nl/wp-content/uploads/2014/11/ms14_064_ie_olerce.rb_.txt\", \"name\": \"https://forsec.nl/wp-content/uploads/2014/11/ms14_064_ie_olerce.rb_.txt\", \"refsource\": \"MISC\"}, {\"url\": \"http://packetstormsecurity.com/files/134079/Winamp-Bento-Browser-Remote-Code-Execution.html\", \"name\": \"http://packetstormsecurity.com/files/134079/Winamp-Bento-Browser-Remote-Code-Execution.html\", \"refsource\": \"MISC\"}, {\"url\": \"http://securityintelligence.com/ibm-x-force-researcher-finds-significant-vulnerability-in-microsoft-windows\", \"name\": \"http://securityintelligence.com/ibm-x-force-researcher-finds-significant-vulnerability-in-microsoft-windows\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.exploit-db.com/exploits/38500/\", \"name\": \"38500\", \"refsource\": \"EXPLOIT-DB\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka \\\"Windows OLE Automation Array Remote Code Execution Vulnerability.\\\"\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2014-6332\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"secure@microsoft.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2014-6332\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-22T00:05:34.718Z\", \"dateReserved\": \"2014-09-11T00:00:00.000Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2014-11-11T22:00:00.000Z\", \"assignerShortName\": \"microsoft\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2014-AVI-464

Vulnerability from certfr_avis - Published: 2014-11-12 - Updated: 2014-11-12

De multiples vulnérabilités ont été corrigées dans Microsoft OLE. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows Server 2012
Microsoft	Windows	Windows Server 2012 R2
Microsoft	Windows	Windows Server 2008 R2
Microsoft	Windows	Windows RT 8.1
Microsoft	Windows	Windows Server 2008
Microsoft	Windows	Windows 7
Microsoft	Windows	Windows Server 2003
Microsoft	Windows	Windows Vista
Microsoft	Windows	Windows RT
Microsoft	Windows	Windows 8
Microsoft	Windows	Windows 8.1

References

Title

Publication Time

GHSA-W64P-PVRC-C5W3

Vulnerability from github – Published: 2022-05-14 01:02 – Updated: 2025-10-22 03:30

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-6332"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-11-11T22:55:00Z",
    "severity": "HIGH"
  },
  "details": "OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka \"Windows OLE Automation Array Remote Code Execution Vulnerability.\"",
  "id": "GHSA-w64p-pvrc-c5w3",
  "modified": "2025-10-22T03:30:41Z",
  "published": "2022-05-14T01:02:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6332"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-064"
    },
    {
      "type": "WEB",
      "url": "https://forsec.nl/wp-content/uploads/2014/11/ms14_064_ie_olerce.rb_.txt"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-6332"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/37668"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/37800"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/38500"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/38512"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/134053/Avant-Browser-Lite-Ultimate-Remote-Code-Execution.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/134061/The-World-Browser-3.0-Final-Remote-Code-Execution.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/134062/HTML-Compiler-Remote-Code-Execution.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/134064/Microsoft-Compiled-HTML-Help-Remote-Code-Execution.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/134079/Winamp-Bento-Browser-Remote-Code-Execution.html"
    },
    {
      "type": "WEB",
      "url": "http://securityintelligence.com/ibm-x-force-researcher-finds-significant-vulnerability-in-microsoft-windows"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/158647"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/70952"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1031184"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/ncas/alerts/TA14-318B"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2014-6332

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-6332

Aliases

CVE-2014-6332

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-6332",
    "description": "OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka \"Windows OLE Automation Array Remote Code Execution Vulnerability.\"",
    "id": "GSD-2014-6332",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2014-6332"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-6332"
      ],
      "details": "OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka \"Windows OLE Automation Array Remote Code Execution Vulnerability.\"",
      "id": "GSD-2014-6332",
      "modified": "2023-12-13T01:22:50.186741Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cisa.gov": {
      "cveID": "CVE-2014-6332",
      "dateAdded": "2022-03-25",
      "dueDate": "2022-04-15",
      "product": "Windows",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "OleAut32.dll in OLE in Microsoft Windows allows remote attackers to remotely execute code via a crafted web site.",
      "vendorProject": "Microsoft",
      "vulnerabilityName": "Microsoft Windows Object Linking \u0026 Embedding (OLE) Automation Array Remote Code Execution Vulnerability"
    },
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2014-6332",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka \"Windows OLE Automation Array Remote Code Execution Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "37668",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/37668/"
          },
          {
            "name": "37800",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/37800/"
          },
          {
            "name": "VU#158647",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/158647"
          },
          {
            "name": "38512",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/38512/"
          },
          {
            "name": "TA14-318B",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/ncas/alerts/TA14-318B"
          },
          {
            "name": "MS14-064",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-064"
          },
          {
            "name": "http://packetstormsecurity.com/files/134062/HTML-Compiler-Remote-Code-Execution.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/134062/HTML-Compiler-Remote-Code-Execution.html"
          },
          {
            "name": "70952",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/70952"
          },
          {
            "name": "http://packetstormsecurity.com/files/134064/Microsoft-Compiled-HTML-Help-Remote-Code-Execution.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/134064/Microsoft-Compiled-HTML-Help-Remote-Code-Execution.html"
          },
          {
            "name": "http://packetstormsecurity.com/files/134053/Avant-Browser-Lite-Ultimate-Remote-Code-Execution.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/134053/Avant-Browser-Lite-Ultimate-Remote-Code-Execution.html"
          },
          {
            "name": "1031184",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1031184"
          },
          {
            "name": "http://packetstormsecurity.com/files/134061/The-World-Browser-3.0-Final-Remote-Code-Execution.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/134061/The-World-Browser-3.0-Final-Remote-Code-Execution.html"
          },
          {
            "name": "https://forsec.nl/wp-content/uploads/2014/11/ms14_064_ie_olerce.rb_.txt",
            "refsource": "MISC",
            "url": "https://forsec.nl/wp-content/uploads/2014/11/ms14_064_ie_olerce.rb_.txt"
          },
          {
            "name": "http://packetstormsecurity.com/files/134079/Winamp-Bento-Browser-Remote-Code-Execution.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/134079/Winamp-Bento-Browser-Remote-Code-Execution.html"
          },
          {
            "name": "http://securityintelligence.com/ibm-x-force-researcher-finds-significant-vulnerability-in-microsoft-windows",
            "refsource": "MISC",
            "url": "http://securityintelligence.com/ibm-x-force-researcher-finds-significant-vulnerability-in-microsoft-windows"
          },
          {
            "name": "38500",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/38500/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2014-6332"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka \"Windows OLE Automation Array Remote Code Execution Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://securityintelligence.com/ibm-x-force-researcher-finds-significant-vulnerability-in-microsoft-windows",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "http://securityintelligence.com/ibm-x-force-researcher-finds-significant-vulnerability-in-microsoft-windows"
            },
            {
              "name": "https://forsec.nl/wp-content/uploads/2014/11/ms14_064_ie_olerce.rb_.txt",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://forsec.nl/wp-content/uploads/2014/11/ms14_064_ie_olerce.rb_.txt"
            },
            {
              "name": "TA14-318B",
              "refsource": "CERT",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/ncas/alerts/TA14-318B"
            },
            {
              "name": "VU#158647",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/158647"
            },
            {
              "name": "1031184",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1031184"
            },
            {
              "name": "http://packetstormsecurity.com/files/134061/The-World-Browser-3.0-Final-Remote-Code-Execution.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/134061/The-World-Browser-3.0-Final-Remote-Code-Execution.html"
            },
            {
              "name": "38500",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/38500/"
            },
            {
              "name": "http://packetstormsecurity.com/files/134079/Winamp-Bento-Browser-Remote-Code-Execution.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/134079/Winamp-Bento-Browser-Remote-Code-Execution.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/134053/Avant-Browser-Lite-Ultimate-Remote-Code-Execution.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/134053/Avant-Browser-Lite-Ultimate-Remote-Code-Execution.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/134064/Microsoft-Compiled-HTML-Help-Remote-Code-Execution.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/134064/Microsoft-Compiled-HTML-Help-Remote-Code-Execution.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/134062/HTML-Compiler-Remote-Code-Execution.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/134062/HTML-Compiler-Remote-Code-Execution.html"
            },
            {
              "name": "38512",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/38512/"
            },
            {
              "name": "70952",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/70952"
            },
            {
              "name": "37800",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/37800/"
            },
            {
              "name": "37668",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/37668/"
            },
            {
              "name": "MS14-064",
              "refsource": "MS",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-064"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2019-05-15T13:30Z",
      "publishedDate": "2014-11-11T22:55Z"
    }
  }
}

FKIE_CVE-2014-6332

Vulnerability from fkie_nvd - Published: 2014-11-11 22:55 - Updated: 2025-10-22 01:16

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secure@microsoft.com	http://packetstormsecurity.com/files/134053/Avant-Browser-Lite-Ultimate-Remote-Code-Execution.html	Exploit, Third Party Advisory, VDB Entry
secure@microsoft.com	http://packetstormsecurity.com/files/134061/The-World-Browser-3.0-Final-Remote-Code-Execution.html	Exploit, Third Party Advisory, VDB Entry
secure@microsoft.com	http://packetstormsecurity.com/files/134062/HTML-Compiler-Remote-Code-Execution.html	Exploit, Third Party Advisory, VDB Entry
secure@microsoft.com	http://packetstormsecurity.com/files/134064/Microsoft-Compiled-HTML-Help-Remote-Code-Execution.html	Exploit, Third Party Advisory, VDB Entry
secure@microsoft.com	http://packetstormsecurity.com/files/134079/Winamp-Bento-Browser-Remote-Code-Execution.html	Exploit, Third Party Advisory, VDB Entry
secure@microsoft.com	http://securityintelligence.com/ibm-x-force-researcher-finds-significant-vulnerability-in-microsoft-windows	Exploit, Third Party Advisory
secure@microsoft.com	http://www.kb.cert.org/vuls/id/158647	Third Party Advisory, US Government Resource
secure@microsoft.com	http://www.securityfocus.com/bid/70952	Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.securitytracker.com/id/1031184	Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.us-cert.gov/ncas/alerts/TA14-318B	Third Party Advisory, US Government Resource
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-064	Patch, Vendor Advisory
secure@microsoft.com	https://forsec.nl/wp-content/uploads/2014/11/ms14_064_ie_olerce.rb_.txt	Exploit, Third Party Advisory
secure@microsoft.com	https://www.exploit-db.com/exploits/37668/	Exploit, Third Party Advisory, VDB Entry
secure@microsoft.com	https://www.exploit-db.com/exploits/37800/	Exploit, Third Party Advisory, VDB Entry
secure@microsoft.com	https://www.exploit-db.com/exploits/38500/	Exploit, Third Party Advisory, VDB Entry
secure@microsoft.com	https://www.exploit-db.com/exploits/38512/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/134053/Avant-Browser-Lite-Ultimate-Remote-Code-Execution.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/134061/The-World-Browser-3.0-Final-Remote-Code-Execution.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/134062/HTML-Compiler-Remote-Code-Execution.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/134064/Microsoft-Compiled-HTML-Help-Remote-Code-Execution.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/134079/Winamp-Bento-Browser-Remote-Code-Execution.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://securityintelligence.com/ibm-x-force-researcher-finds-significant-vulnerability-in-microsoft-windows	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/158647	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/70952	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031184	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/ncas/alerts/TA14-318B	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-064	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://forsec.nl/wp-content/uploads/2014/11/ms14_064_ie_olerce.rb_.txt	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/37668/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/37800/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/38500/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/38512/	Exploit, Third Party Advisory, VDB Entry
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-6332

Impacted products

Vendor	Product	Version
microsoft	windows_7	-
microsoft	windows_8	-
microsoft	windows_8.1	-
microsoft	windows_rt	-
microsoft	windows_rt_8.1	-
microsoft	windows_server_2003	-
microsoft	windows_server_2008	-
microsoft	windows_server_2008	r2
microsoft	windows_server_2008	r2
microsoft	windows_server_2012	-
microsoft	windows_server_2012	r2
microsoft	windows_vista	-

JSON

To clipboard

{
  "cisaActionDue": "2022-04-15",
  "cisaExploitAdd": "2022-03-25",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Microsoft Windows Object Linking \u0026 Embedding (OLE) Automation Array Remote Code Execution Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D229E41-A971-4284-9657-16D78414B93F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABC7A32C-4A4A-4533-B42E-350E728ADFEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "1D929AA2-EE0B-4AA1-805D-69BCCA11B77F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*",
              "matchCriteriaId": "B320A104-9037-487E-BC9A-62B4A6B49FD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
              "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "BF1AD1A1-EE20-4BCE-9EE6-84B27139811C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka \"Windows OLE Automation Array Remote Code Execution Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "OleAut32.dll en OLE en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2 y Windows RT Gold y 8.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un sitio web manipulado, seg\u00fan lo demostrado por un intento de redimensionamiento de un array que desencadena un manejo incorrecto de un valor de tama\u00f1o en la funci\u00f3n SafeArrayDimen, tambi\u00e9n conocido como \"Windows OLE Automation Array Remote Code Execution Vulnerability\"."
    }
  ],
  "id": "CVE-2014-6332",
  "lastModified": "2025-10-22T01:16:03.800",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2014-11-11T22:55:05.200",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/134053/Avant-Browser-Lite-Ultimate-Remote-Code-Execution.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/134061/The-World-Browser-3.0-Final-Remote-Code-Execution.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/134062/HTML-Compiler-Remote-Code-Execution.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/134064/Microsoft-Compiled-HTML-Help-Remote-Code-Execution.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/134079/Winamp-Bento-Browser-Remote-Code-Execution.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://securityintelligence.com/ibm-x-force-researcher-finds-significant-vulnerability-in-microsoft-windows"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/158647"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/70952"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1031184"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/ncas/alerts/TA14-318B"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-064"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://forsec.nl/wp-content/uploads/2014/11/ms14_064_ie_olerce.rb_.txt"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/37668/"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/37800/"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/38500/"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/38512/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/134053/Avant-Browser-Lite-Ultimate-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/134061/The-World-Browser-3.0-Final-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/134062/HTML-Compiler-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/134064/Microsoft-Compiled-HTML-Help-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/134079/Winamp-Bento-Browser-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://securityintelligence.com/ibm-x-force-researcher-finds-significant-vulnerability-in-microsoft-windows"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/158647"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/70952"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1031184"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/ncas/alerts/TA14-318B"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-064"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://forsec.nl/wp-content/uploads/2014/11/ms14_064_ie_olerce.rb_.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/37668/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/37800/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/38500/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/38512/"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-6332"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-6332 (GCVE-0-2014-6332)

CERTFR-2014-AVI-464

Solution

GHSA-W64P-PVRC-C5W3

GSD-2014-6332

FKIE_CVE-2014-6332

Tags

Sightings

Nomenclature