Lucene search

K
certCERTVU:158647
HistoryNov 13, 2014 - 12:00 a.m.

Microsoft Windows Object Linking and Embedding (OLE) OleAut32 library SafeArrayRedim function vulnerable to remote code execution via Internet Explorer

2014-11-1300:00:00
www.kb.cert.org
114

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

Overview

A vulnerability in Microsoft Windows OLE could allow remote code execution if a user views a specially-crafted web page in Internet Explorer.

Description

The Microsoft Windows OLE OleAut32.dll library provides the SafeArrayRedim function that allows resizing of SAFEARRAY objects in memory. In certain circumstances, this library does not properly check sizes of arrays when an error occurs (CVE-2014-6332). The improper size allows an attacker to manipulate memory in a way that can bypass the Internet Explorer Enhanced Protected Mode (EPM) sandbox as well as the Enhanced Mitigation Experience Toolkit (EMET).

This vulnerability can be exploited using a specially-crafted web page utilizing VBscript in Internet Explorer, however it may also impact other software that makes use of OleAut32.dll and/or VBscript.

A Metasploit module exploiting this vulnerability has been released.

More information is available in a blog post from IBM X-Force.


Impact

Arbitrary code can be run on the computer with user privileges. If the user is an administrator, the attacker may run arbitrary code as an administrator, fully compromising the system.


Solution

Apply an update

An update is available from Microsoft. Please see Microsoft Security Bulletin MS14-064.


Disable active content in Internet Explorer

Disabling active content (scripting) in Internet Explorer may help mitigate this vulnerability. Please see Microsoft’s guidance on disabling active content.


Vendor Information

158647

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Microsoft Corporation Affected

Updated: November 13, 2014

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

CVSS Metrics

Group Score Vector
Base 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C
Temporal 7.3 E:POC/RL:OF/RC:C
Environmental 7.3 CDP:ND/TD:H/CR:ND/IR:ND/AR:ND

References

Acknowledgements

Microsoft credits Robert Freeman of IBM X-Force.

This document was written by Garret Wassermann.

Other Information

CVE IDs: CVE-2014-6332
Date Public: 2014-11-11 Date First Published:

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%