CVE-2014-0271

2014-02-1204:50:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2014-0271

vbscript

microsoft internet explorer

memory corruption

remote code execution

denial of service

nvd

7.5 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.924 High

EPSS

Percentile

99.0%

JSON

The VBScript engine in Microsoft Internet Explorer 6 through 11, and VBScript 5.6 through 5.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “VBScript Memory Corruption Vulnerability.”

CPENameOperatorVersion
microsoft:internet_explorermicrosoft internet explorereq10
microsoft:internet_explorermicrosoft internet explorereq8
microsoft:internet_explorermicrosoft internet explorereq7
microsoft:internet_explorermicrosoft internet explorereq11
microsoft:internet_explorermicrosoft internet explorereq6
microsoft:internet_explorermicrosoft internet explorereq9
microsoft:vbscriptmicrosoft vbscripteq5.6
microsoft:vbscriptmicrosoft vbscripteq5.8
microsoft:vbscriptmicrosoft vbscripteq5.7

CPE	Name	Operator	Version
microsoft:internet_explorer	microsoft internet explorer	eq	10
microsoft:internet_explorer	microsoft internet explorer	eq	8
microsoft:internet_explorer	microsoft internet explorer	eq	7
microsoft:internet_explorer	microsoft internet explorer	eq	11
microsoft:internet_explorer	microsoft internet explorer	eq	6
microsoft:internet_explorer	microsoft internet explorer	eq	9
microsoft:vbscript	microsoft vbscript	eq	5.6
microsoft:vbscript	microsoft vbscript	eq	5.8
microsoft:vbscript	microsoft vbscript	eq	5.7