9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.924 High
EPSS
Percentile
98.9%
12/09/2014
High
An unspecified vulnerabilities were found in Microsoft VBScript engine. By exploiting these vulnerabilities malicious users can execute arbitrary code. These vulnerabilities can be exploited remotely via a specially designed web site.
Microsoft VBScript engine versions 5.6, 5.7, 5.8
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
ACE
CVE-2014-63639.3Critical
CVE-2014-02719.3Critical
3012168
3008923
2909921
3012176
3012172
2909213
2909212
2909210
3016711
2928390
Public exploits exist for this vulnerability.
support.microsoft.com/kb/2909210
support.microsoft.com/kb/2909212
support.microsoft.com/kb/2909213
support.microsoft.com/kb/2909921
support.microsoft.com/kb/2928390
support.microsoft.com/kb/3008923
support.microsoft.com/kb/3012168
support.microsoft.com/kb/3012172
support.microsoft.com/kb/3012176
support.microsoft.com/kb/3016711
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0271
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6363
portal.msrc.microsoft.com/en-us/security-guidance
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-0271
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-6363
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Microsoft-VBScript-engine/