Lucene search

K
nvd[email protected]NVD:CVE-2014-6364
HistoryDec 11, 2014 - 12:59 a.m.

CVE-2014-6364

2014-12-1100:59:14
web.nvd.nist.gov
9
microsoft office
use-after-free
vulnerability
remote code execution

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

Low

EPSS

0.306

Percentile

97.0%

Use-after-free vulnerability in Microsoft Office 2007 SP3; 2010 SP2; 2013 Gold, SP1, and SP2; and 2013 RT Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Component Use After Free Vulnerability.”

Affected configurations

Nvd
Node
microsoftofficeMatch2007sp3
OR
microsoftofficeMatch2010sp2x64
OR
microsoftofficeMatch2010sp2x86
OR
microsoftofficeMatch2013
OR
microsoftofficeMatch2013gold
OR
microsoftofficeMatch2013rt_gold
OR
microsoftofficeMatch2013sp1
OR
microsoftofficeMatch2013sp2
VendorProductVersionCPE
microsoftoffice2007cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*
microsoftoffice2010cpe:2.3:a:microsoft:office:2010:sp2:x64:*:*:*:*:*
microsoftoffice2010cpe:2.3:a:microsoft:office:2010:sp2:x86:*:*:*:*:*
microsoftoffice2013cpe:2.3:a:microsoft:office:2013:*:*:*:*:*:*:*
microsoftoffice2013cpe:2.3:a:microsoft:office:2013:*:*:*:gold:*:*:*
microsoftoffice2013cpe:2.3:a:microsoft:office:2013:*:*:*:rt_gold:*:*:*
microsoftoffice2013cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*
microsoftoffice2013cpe:2.3:a:microsoft:office:2013:sp2:*:*:*:*:*:*

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

Low

EPSS

0.306

Percentile

97.0%