Lucene search

[email protected]CVE-2014-1809

HistoryMay 14, 2014 - 11:13 a.m.

CVE-2014-1809

2014-05-1411:13:06

CWE-264

[email protected]

web.nvd.nist.gov

cve-2014-1809

mscomctl

microsoft office

aslr

vulnerability

nvd

exploit

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.2 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.6%

JSON

The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1 makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web site, as exploited in the wild in May 2014, aka “MSCOMCTL ASLR Vulnerability.”

Affected configurations

NVD

Node

microsoftofficeMatch2007sp3

microsoftofficeMatch2010sp1x64

microsoftofficeMatch2010sp1x86

microsoftofficeMatch2010sp2x64

microsoftofficeMatch2010sp2x86

microsoftofficeMatch2013

microsoftofficeMatch2013sp1

CPENameOperatorVersion
microsoft:officemicrosoft officeeq2007
microsoft:officemicrosoft officeeq2010
microsoft:officemicrosoft officeeq2013

CPE	Name	Operator	Version
microsoft:office	microsoft office	eq	2007
microsoft:office	microsoft office	eq	2010
microsoft:office	microsoft office	eq	2013

References

docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-024

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.2 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.6%

JSON

Related for CVE-2014-1809

openvas1 prion1 nessus1 cvelist1 nvd1 mskb1 securityvulns1 kaspersky1