CVE-2014-6332

Microsoft Windows Object Linking & Embedding (OLE) Automation Array Remote Code Execution Vulnerability

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

*SSVC

Descriptions

OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka "Windows OLE Automation Array Remote Code Execution Vulnerability."

OleAut32.dll en OLE en Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold y R2 y Windows RT Gold y 8.1 permite a atacantes remotos ejecutar código arbitrario a través de un sitio web manipulado, según lo demostrado por un intento de redimensionamiento de un array que desencadena un manejo incorrecto de un valor de tamaño en la función SafeArrayDimen, también conocido como "Windows OLE Automation Array Remote Code Execution Vulnerability".

Microsoft HTA (HTML Application) suffers from a remote code execution vulnerability.

OleAut32.dll in OLE in Microsoft Windows allows remote attackers to remotely execute code via a crafted web site.

*Credits: N/A

CVSS Scores

NISTv2 9.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-09-11 CVE Reserved
2014-11-11 CVE Published
2014-11-13 First Exploit
2022-03-25 Exploited in Wild
2022-04-15 KEV Due Date
2024-08-06 CVE Updated
2024-11-09 EPSS Updated

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (22)

URL	Tag	Source
http://www.kb.cert.org/vuls/id/158647	Third Party Advisory
http://www.securityfocus.com/bid/70952	Third Party Advisory
http://www.securitytracker.com/id/1031184	Third Party Advisory
http://www.us-cert.gov/ncas/alerts/TA14-318B	Third Party Advisory

URL	Date	SRC
https://www.exploit-db.com/exploits/36516	2015-03-27
https://www.exploit-db.com/exploits/37400	2015-06-27
https://www.exploit-db.com/exploits/38500	2024-08-06
https://www.exploit-db.com/exploits/37668	2024-08-06
https://www.exploit-db.com/exploits/35229	2014-11-13
https://www.exploit-db.com/exploits/35230	2014-11-13
https://www.exploit-db.com/exploits/35308	2014-11-20
https://www.exploit-db.com/exploits/37800	2024-08-06
https://www.exploit-db.com/exploits/38512	2024-08-06
https://github.com/mourr/CVE-2014-6332	2016-08-29
http://packetstormsecurity.com/files/134053/Avant-Browser-Lite-Ultimate-Remote-Code-Execution.html	2024-08-06
http://packetstormsecurity.com/files/134061/The-World-Browser-3.0-Final-Remote-Code-Execution.html	2024-08-06
http://packetstormsecurity.com/files/134062/HTML-Compiler-Remote-Code-Execution.html	2024-08-06
http://packetstormsecurity.com/files/134064/Microsoft-Compiled-HTML-Help-Remote-Code-Execution.html	2024-08-06
http://packetstormsecurity.com/files/134079/Winamp-Bento-Browser-Remote-Code-Execution.html	2024-08-06
http://securityintelligence.com/ibm-x-force-researcher-finds-significant-vulnerability-in-microsoft-windows	2024-08-06
https://forsec.nl/wp-content/uploads/2014/11/ms14_064_ie_olerce.rb_.txt	2024-08-06

URL	Date	SRC
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-064	2019-05-15

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microsoft Search vendor "Microsoft"		Windows 7 Search vendor "Microsoft" for product "Windows 7"				-		sp1		Affected
Microsoft Search vendor "Microsoft"		Windows 8 Search vendor "Microsoft" for product "Windows 8"				-		-		Affected
Microsoft Search vendor "Microsoft"		Windows 8.1 Search vendor "Microsoft" for product "Windows 8.1"				-		-		Affected
Microsoft Search vendor "Microsoft"		Windows Rt Search vendor "Microsoft" for product "Windows Rt"				-		-		Affected
Microsoft Search vendor "Microsoft"		Windows Rt 8.1 Search vendor "Microsoft" for product "Windows Rt 8.1"				-		-		Affected
Microsoft Search vendor "Microsoft"		Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003"				-		sp2		Affected
Microsoft Search vendor "Microsoft"		Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"				-		sp2		Affected
Microsoft Search vendor "Microsoft"		Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"				r2 Search vendor "Microsoft" for product "Windows Server 2008" and version "r2"		sp1, itanium		Affected
Microsoft Search vendor "Microsoft"		Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"				r2 Search vendor "Microsoft" for product "Windows Server 2008" and version "r2"		sp1, x64		Affected
Microsoft Search vendor "Microsoft"		Windows Server 2012 Search vendor "Microsoft" for product "Windows Server 2012"				-		-		Affected
Microsoft Search vendor "Microsoft"		Windows Server 2012 Search vendor "Microsoft" for product "Windows Server 2012"				r2 Search vendor "Microsoft" for product "Windows Server 2012" and version "r2"		-		Affected
Microsoft Search vendor "Microsoft"		Windows Vista Search vendor "Microsoft" for product "Windows Vista"				-		sp2		Affected