Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10605
HistoryDec 09, 2014 - 12:00 a.m.

KLA10605 Code execution vulnerability in Microsoft VBScript

2014-12-0900:00:00
Kaspersky Lab
threats.kaspersky.com
38

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.924 High

EPSS

Percentile

98.9%

JSON

Detect date:

12/09/2014

Severity:

High

Description:

An unspecified vulnerabilities were found in Microsoft VBScript engine. By exploiting these vulnerabilities malicious users can execute arbitrary code. These vulnerabilities can be exploited remotely via a specially designed web site.

Affected products:

Microsoft VBScript engine versions 5.6, 5.7, 5.8

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2014-6363
CVE-2014-0271

Impacts:

ACE

Related products:

Microsoft VBScript engine

CVE-IDS:

CVE-2014-63639.3Critical
CVE-2014-02719.3Critical

Microsoft official advisories:

KB list:

3012168
3008923
2909921
3012176
3012172
2909213
2909212
2909210
3016711
2928390

Exploitation:

Public exploits exist for this vulnerability.

Related

checkpoint_advisories 2
mskb 1
nessus 4
symantec 2
prion 2
zdt 1
packetstorm 1
cvelist 2
openvas 3
cve 2
seebug 1
securityvulns 3
kaspersky 1
checkpoint_advisories
checkpoint_advisories
Microsoft Internet Explorer VBScript Memory Corruption (MS14-080; CVE-2014-6363)
2014-12-09 00:00:00
Microsoft Internet Explorer Memory Corruption (MS14-010: CVE-2014-0271)
2014-02-11 00:00:00
mskb
mskb
MS14-084: Vulnerability in VBScript scripting engine could allow remote code execution: December 9, 2014
2014-12-09 00:00:00
nessus
nessus
MS14-084: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3016711)
2014-12-09 00:00:00
MS14-011: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390)
2014-02-12 00:00:00
MS14-080: Cumulative Security Update for Internet Explorer (3008923)
2014-12-09 00:00:00
symantec
symantec
Microsoft VBScript CVE-2014-6363 Remote Code Execution Vulnerability
2014-12-09 00:00:00
Microsoft VBScript CVE-2014-0271 Remote Code Execution Vulnerability
2014-02-11 00:00:00
prion
prion
Memory corruption
2014-12-11 00:59:00
Memory corruption
2014-02-12 04:50:00
zdt
zdt
Internet Explorer 8-11, IIS, CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialize
2016-11-08 00:00:00
packetstorm
packetstorm
VBScript CRegExp::Execute Uninitialized Memory Use
2016-11-07 00:00:00
cvelist
cvelist
CVE-2014-6363
2014-12-11 00:00:00
CVE-2014-0271
2014-02-12 02:00:00
openvas
openvas
Microsoft Windows VBScript Remote Code Execution Vulnerability (3016711)
2014-12-10 00:00:00
Microsoft VBScript Remote Code Execution Vulnerability (2928390)
2014-02-12 00:00:00
Microsoft Internet Explorer Multiple Vulnerabilities (2909921)
2014-02-12 00:00:00
cve
cve
CVE-2014-6363
2014-12-11 00:59:00
CVE-2014-0271
2014-02-12 04:50:00
seebug
seebug
Microsoft VBScript θΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄ž(CVE-2014-0271)(MS14-010)
2014-02-13 00:00:00
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2014-02-11 00:00:00
Microsoft Windows multiple security vulnerabilities
2015-01-14 00:00:00
Microsoft Internet Explorer multiple security vulnerabilities
2014-03-27 00:00:00
kaspersky
kaspersky
KLA10602 Multiple vulnerabilities in Microsoft Internet Explorer
2014-09-09 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.924 High

EPSS

Percentile

98.9%

JSON
Related for KLA10605
checkpoint_advisories2mskb1nessus4symantec2prion2zdt1packetstorm1cvelist2openvas3cve2seebug1securityvulns3kaspersky1