CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Percentile: 99.9%
Added: 11/17/2014
CVE: CVE-2014-6332
BID: 70952
OSVDB: 114533
OLE (Object Linking and Embedding) is a technology that allows applications to share data and functionality, such as the ability to create and edit compound data, i.e., data that contains information in multiple formats.
The **SafeArrayRedim** function in the **OleAut32.dll** library does not properly check sizes of arrays when an error occurs. This allows an attacker to manipulate memory and bypass security protections in Internet Explorer, resulting in arbitrary code execution.
Apply the security update referenced in MS14-064.
<https://www.us-cert.gov/ncas/alerts/TA14-318B>
The exploit works on Windows with Internet Explorer 10 and earlier, and requires a user to load the exploit page in Internet Explorer.
Windows