CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
99.1%
An unspecified vulnerabilities were found in Microsoft VBScript engine. By exploiting these vulnerabilities malicious users can execute arbitrary code. These vulnerabilities can be exploited remotely via a specially designed web site.
Public exploits exist for this vulnerability.
CVE-2014-6363 critical
CVE-2014-0271 critical
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
Read Local Files. Exploitation of vulnerabilities with this impact can lead to reading some inaccessible files. Files that can be read depends on conΡrete program errors.
support.microsoft.com/kb/2909210
support.microsoft.com/kb/2909212
support.microsoft.com/kb/2909213
support.microsoft.com/kb/2909921
support.microsoft.com/kb/2928390
support.microsoft.com/kb/3008923
support.microsoft.com/kb/3012168
support.microsoft.com/kb/3012172
support.microsoft.com/kb/3012176
support.microsoft.com/kb/3016711
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-0271
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2014-6363
statistics.securelist.com/
threats.kaspersky.com/en/product/Microsoft-VBScript-engine/