cvelistv5 - CVE-2014-6363

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T12:10:13.301Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MS14-080",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-080"
          },
          {
            "name": "40721",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/40721/"
          },
          {
            "name": "20141209 Microsoft VBScript CRegExp::Execute Uninitialized Memory Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1075"
          },
          {
            "name": "MS14-084",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-084"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-12-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"VBScript Memory Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "MS14-080",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-080"
        },
        {
          "name": "40721",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/40721/"
        },
        {
          "name": "20141209 Microsoft VBScript CRegExp::Execute Uninitialized Memory Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1075"
        },
        {
          "name": "MS14-084",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-084"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2014-6363",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"VBScript Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MS14-080",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-080"
            },
            {
              "name": "40721",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/40721/"
            },
            {
              "name": "20141209 Microsoft VBScript CRegExp::Execute Uninitialized Memory Vulnerability",
              "refsource": "IDEFENSE",
              "url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1075"
            },
            {
              "name": "MS14-084",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-084"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2014-6363",
    "datePublished": "2014-12-11T00:00:00",
    "dateReserved": "2014-09-11T00:00:00",
    "dateUpdated": "2024-08-06T12:10:13.301Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:vbscript:5.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D5EF0A1-84C5-472B-9FFA-1D6052CD656B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:vbscript:5.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0061E11D-9293-401A-BA38-85AD0C4A04E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:vbscript:5.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1C94EA55-F0DE-4A45-A020-9F7FE2A3745B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"693D3C1C-E3E4-49DB-9A13-44ADDFF82507\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A33FA7F-BB2A-4C66-B608-72997A2BD1DB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A52E757F-9B41-43B4-9D67-3FEDACA71283\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C043EDDD-41BF-4718-BDCF-158BBBDB6360\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5808661-A082-4CBE-808C-B253972487B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7809F78-8D56-4925-A8F9-4119B973A667\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \\\"VBScript Memory Corruption Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"vbscript.dll en Microsoft VBScript 5.6 hasta 5.8, utilizado con Internet Explorer 6 hasta 11 y otros productos, permite a atacantes remotos ejecutar c\\u00f3digo arbitrario o causar una denegaci\\u00f3n de servicio (corrupci\\u00f3n de memoria) a trav\\u00e9s de un sitio web manipulado, tambi\\u00e9n conocido como \u0027Vulnerabilidad de la corrupci\\u00f3n de memoria de VBScript\u0027.\"}]",
      "id": "CVE-2014-6363",
      "lastModified": "2024-11-21T02:14:14.953",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2014-12-11T00:59:13.440",
      "references": "[{\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-080\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-084\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://www.exploit-db.com/exploits/40721/\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1075\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-080\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-084\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/40721/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1075\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-399\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-6363\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2014-12-11T00:59:13.440\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \\\"VBScript Memory Corruption Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"vbscript.dll en Microsoft VBScript 5.6 hasta 5.8, utilizado con Internet Explorer 6 hasta 11 y otros productos, permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un sitio web manipulado, tambi\u00e9n conocido como \u0027Vulnerabilidad de la corrupci\u00f3n de memoria de VBScript\u0027.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:vbscript:5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D5EF0A1-84C5-472B-9FFA-1D6052CD656B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:vbscript:5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0061E11D-9293-401A-BA38-85AD0C4A04E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:vbscript:5.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C94EA55-F0DE-4A45-A020-9F7FE2A3745B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"693D3C1C-E3E4-49DB-9A13-44ADDFF82507\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A33FA7F-BB2A-4C66-B608-72997A2BD1DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A52E757F-9B41-43B4-9D67-3FEDACA71283\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C043EDDD-41BF-4718-BDCF-158BBBDB6360\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5808661-A082-4CBE-808C-B253972487B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7809F78-8D56-4925-A8F9-4119B973A667\"}]}]}],\"references\":[{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-080\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-084\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://www.exploit-db.com/exploits/40721/\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1075\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-080\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-084\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/40721/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1075\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

CERTFR-2014-AVI-518

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Microsoft Internet Explorer. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Contournement provisoire

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Internet Explorer versions 6 à 11

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

None

vendor-advisory

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eInternet Explorer versions 6 \u00e0 11\u003c/P\u003e",
  "content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-6366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6366"
    },
    {
      "name": "CVE-2014-6330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6330"
    },
    {
      "name": "CVE-2014-6373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6373"
    },
    {
      "name": "CVE-2014-6328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6328"
    },
    {
      "name": "CVE-2014-8966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8966"
    },
    {
      "name": "CVE-2014-6374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6374"
    },
    {
      "name": "CVE-2014-6327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6327"
    },
    {
      "name": "CVE-2014-6376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6376"
    },
    {
      "name": "CVE-2014-6369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6369"
    },
    {
      "name": "CVE-2014-6375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6375"
    },
    {
      "name": "CVE-2014-6368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6368"
    },
    {
      "name": "CVE-2014-6365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6365"
    },
    {
      "name": "CVE-2014-6363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6363"
    },
    {
      "name": "CVE-2014-6329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6329"
    }
  ],
  "links": [],
  "reference": "CERTFR-2014-AVI-518",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-12-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Internet Explorer\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 d\u00e9cembre 2014",
      "url": "https://technet.microsoft.com/library/security/ms14-080"
    }
  ]
}

CERTFR-2014-AVI-518

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Microsoft Internet Explorer. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Contournement provisoire

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Internet Explorer versions 6 à 11

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

None

vendor-advisory

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eInternet Explorer versions 6 \u00e0 11\u003c/P\u003e",
  "content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-6366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6366"
    },
    {
      "name": "CVE-2014-6330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6330"
    },
    {
      "name": "CVE-2014-6373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6373"
    },
    {
      "name": "CVE-2014-6328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6328"
    },
    {
      "name": "CVE-2014-8966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8966"
    },
    {
      "name": "CVE-2014-6374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6374"
    },
    {
      "name": "CVE-2014-6327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6327"
    },
    {
      "name": "CVE-2014-6376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6376"
    },
    {
      "name": "CVE-2014-6369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6369"
    },
    {
      "name": "CVE-2014-6375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6375"
    },
    {
      "name": "CVE-2014-6368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6368"
    },
    {
      "name": "CVE-2014-6365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6365"
    },
    {
      "name": "CVE-2014-6363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6363"
    },
    {
      "name": "CVE-2014-6329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6329"
    }
  ],
  "links": [],
  "reference": "CERTFR-2014-AVI-518",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-12-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Internet Explorer\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 d\u00e9cembre 2014",
      "url": "https://technet.microsoft.com/library/security/ms14-080"
    }
  ]
}

CERTFR-2014-AVI-515

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans Microsoft VBScript Scripting Engine. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Contournement provisoire

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

VBScript 5.6 jusqu'à 5.8

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

None

vendor-advisory

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eVBScript 5.6 jusqu\u0027\u00e0 5.8\u003c/P\u003e",
  "content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-6363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6363"
    }
  ],
  "links": [],
  "reference": "CERTFR-2014-AVI-515",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-12-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eMicrosoft\nVBScript Scripting Engine\u003c/span\u003e. Elle permet \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft VBScript Scripting Engine",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 d\u00e9cembre 2014",
      "url": "https://technet.microsoft.com/library/security/ms14-084"
    }
  ]
}

CERTFR-2014-AVI-515

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans Microsoft VBScript Scripting Engine. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Contournement provisoire

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

VBScript 5.6 jusqu'à 5.8

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

None

vendor-advisory

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eVBScript 5.6 jusqu\u0027\u00e0 5.8\u003c/P\u003e",
  "content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-6363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6363"
    }
  ],
  "links": [],
  "reference": "CERTFR-2014-AVI-515",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-12-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eMicrosoft\nVBScript Scripting Engine\u003c/span\u003e. Elle permet \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft VBScript Scripting Engine",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 d\u00e9cembre 2014",
      "url": "https://technet.microsoft.com/library/security/ms14-084"
    }
  ]
}

GSD-2014-6363

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-6363

Aliases

CVE-2014-6363

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-6363",
    "description": "vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"VBScript Memory Corruption Vulnerability.\"",
    "id": "GSD-2014-6363",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2014-6363"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-6363"
      ],
      "details": "vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"VBScript Memory Corruption Vulnerability.\"",
      "id": "GSD-2014-6363",
      "modified": "2023-12-13T01:22:50.712964Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2014-6363",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"VBScript Memory Corruption Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "MS14-080",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-080"
          },
          {
            "name": "40721",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/40721/"
          },
          {
            "name": "20141209 Microsoft VBScript CRegExp::Execute Uninitialized Memory Vulnerability",
            "refsource": "IDEFENSE",
            "url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1075"
          },
          {
            "name": "MS14-084",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-084"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:vbscript:5.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:vbscript:5.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:vbscript:5.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2014-6363"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"VBScript Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20141209 Microsoft VBScript CRegExp::Execute Uninitialized Memory Vulnerability",
              "refsource": "IDEFENSE",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1075"
            },
            {
              "name": "40721",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/40721/"
            },
            {
              "name": "MS14-084",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-084"
            },
            {
              "name": "MS14-080",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-080"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-12T22:07Z",
      "publishedDate": "2014-12-11T00:59Z"
    }
  }
}

GHSA-RVQQ-GVGX-253H

Vulnerability from github – Published: 2022-05-14 02:30 – Updated: 2025-04-12 12:42

Details

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-6363"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-12-11T00:59:00Z",
    "severity": "HIGH"
  },
  "details": "vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"VBScript Memory Corruption Vulnerability.\"",
  "id": "GHSA-rvqq-gvgx-253h",
  "modified": "2025-04-12T12:42:54Z",
  "published": "2022-05-14T02:30:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6363"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-080"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-084"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/40721"
    },
    {
      "type": "WEB",
      "url": "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1075"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2014-6363

Vulnerability from fkie_nvd - Published: 2014-12-11 00:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-080
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-084
secure@microsoft.com	https://www.exploit-db.com/exploits/40721/
secure@microsoft.com	https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1075	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-080
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-084
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/40721/
af854a3a-2127-422b-91ae-364da2661108	https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1075	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
microsoft	vbscript	5.6
microsoft	vbscript	5.7
microsoft	vbscript	5.8
microsoft	internet_explorer	6
microsoft	internet_explorer	7
microsoft	internet_explorer	8
microsoft	internet_explorer	9
microsoft	internet_explorer	10
microsoft	internet_explorer	11