CVE-2014-6363

2014-12-1100:59:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2014-6363

vbscript.dll

microsoft

vbscript

memory corruption

vulnerability

internet explorer

7.5 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.907 High

EPSS

Percentile

98.8%

JSON

vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “VBScript Memory Corruption Vulnerability.”

CPENameOperatorVersion
microsoft:vbscriptmicrosoft vbscripteq5.6
microsoft:vbscriptmicrosoft vbscripteq5.7
microsoft:vbscriptmicrosoft vbscripteq5.8
microsoft:internet_explorermicrosoft internet explorereq6
microsoft:internet_explorermicrosoft internet explorereq7
microsoft:internet_explorermicrosoft internet explorereq8
microsoft:internet_explorermicrosoft internet explorereq9
microsoft:internet_explorermicrosoft internet explorereq10
microsoft:internet_explorermicrosoft internet explorereq11

CPE	Name	Operator	Version
microsoft:vbscript	microsoft vbscript	eq	5.6
microsoft:vbscript	microsoft vbscript	eq	5.7
microsoft:vbscript	microsoft vbscript	eq	5.8
microsoft:internet_explorer	microsoft internet explorer	eq	6
microsoft:internet_explorer	microsoft internet explorer	eq	7
microsoft:internet_explorer	microsoft internet explorer	eq	8
microsoft:internet_explorer	microsoft internet explorer	eq	9
microsoft:internet_explorer	microsoft internet explorer	eq	10
microsoft:internet_explorer	microsoft internet explorer	eq	11