History: Dec 09, 2014 - 12:00 a.m.

KLA10605 Code execution vulnerability in Microsoft VBScript

2014-12-09 00:00:00
Kaspersky Lab
threats.kaspersky.com
CVSS2: 9.3

  • Attack Vector: NETWORK
  • Attack Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score: 7.5 (Confidence: Low)

EPSS: 0.93 (Percentile: 99.1%)

Unspecified vulnerabilities were found in the Microsoft VBScript engine. By exploiting these vulnerabilities, malicious users can execute arbitrary code. These vulnerabilities can be exploited remotely via a specially designed web site.

Original advisories

CVE-2014-6363

CVE-2014-0271

Exploitation

Public exploits exist for this vulnerability.

Related products

Microsoft-VBScript-engine

CVE list

CVE-2014-6363 critical

CVE-2014-0271 critical

KB list

3012168

3008923

2909921

3012176

3012172

2909213

2909212

2909210

3016711

2928390

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to an abuser executing any code or commands on the vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to an abuser capturing information that is critical for the user or system.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to an abuser performing actions that are normally disallowed for the current role.

  • RLF

Read Local Files. Exploitation of vulnerabilities with this impact can lead to reading files that are normally inaccessible. Which files can be read depends on the concrete program errors.

Affected Products

  • Microsoft VBScript engine versions 5.6, 5.7, 5.8
