Detections
Analytics
MS14-064: Vulnerabilities in Windows OLE Could Allow Remote Code Execution (3011443)
high Nessus Plugin ID 79125
Language:
Synopsis
The remote Windows host is affected by multiple vulnerabilities.Description
The remote Windows host is affected by multiple vulnerabilities :- A remote code execution vulnerability due to Internet Explorer improperly handling access to objects in memory. A remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted website in Internet Explorer, resulting in execution of arbitrary code in the context of the current user.
(CVE-2014-6332)
- A remote code execution vulnerability due to a flaw in the OLE package manager. A remote attacker can exploit this vulnerability by convincing a user to open an Office file containing specially crafted OLE objects, resulting in execution of arbitrary code in the context of the current user. (CVE-2014-6352)
Solution
Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-064
Plugin Details
Severity: High
ID: 79125
File Name: smb_nt_ms14-064.nasl
Version: 1.16
Type: local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 11/11/2014
Updated: 3/28/2022
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.8
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 8.1
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2014-6352
Vulnerability Information
CPE: cpe:/o:microsoft:windows
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 11/11/2014
Vulnerability Publication Date: 10/14/2014
CISA Known Exploited Vulnerability Due Dates: 4/15/2022, 8/25/2022
Exploitable With
CANVAS (CANVAS)
Core Impact
Metasploit (MS14-064 Microsoft Windows OLE Package Manager Code Execution)
Reference Information
CVE: CVE-2014-6332, CVE-2014-6352