Remote Code Execution Vulnerability in VBScript for Microsoft Products
CVE-2014-6363

Currently unrated

Key Information:

Vendor: Microsoft
Status: Vbscript; Internet Explorer
Vendor: CVE Published:; 11 December 2014

Summary

The vulnerability in vbscript.dll allows attackers to execute arbitrary code on affected systems or cause a denial of service due to memory corruption. This can occur through specially crafted web pages that exploit flaws in how vbscript.dll processes web content. Vulnerable versions of Internet Explorer and other Microsoft applications using these VBScript engines are particularly at risk, potentially exposing users to malicious attacks that compromise system integrity and confidentiality.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

https://www.exploit-db.com/exploits/40721/

exploitx_refsource_EXPLOIT-DB

https://www.verisign.com/en_US/security-services/security...

third-party-advisoryx_refsource_IDEFENSE

EPSS Score

32% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 11, 2014
Vulnerability Reserved
Sep 11, 2014