CVE-2014-0261
published 2014-01-15CVE-2014-0261: Microsoft Dynamics AX 4.0 SP2, 2009 SP1, 2012, and 2012 R2 allows remote authenticated users to cause a denial of service (instance outage) via crafted data to…
PriorityP419medium4CVSS 2.0
AVNACLAuSCNINAP
EPSS
10.30%
95.1th percentile
Microsoft Dynamics AX 4.0 SP2, 2009 SP1, 2012, and 2012 R2 allows remote authenticated users to cause a denial of service (instance outage) via crafted data to an Application Object Server (AOS) instance, aka "Query Filter DoS Vulnerability."
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | dynamics_ax | — | — |
| microsoft | dynamics_ax | — | — |
| microsoft | dynamics_ax | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Talos
Microsoft Update Tuesday: January 2014, fix for the XP/2003 0-day vulnerability
blogs_talos·2014-01-14·CVSS 9.8
CVE-2014-0258 [CRITICAL] Microsoft Update Tuesday: January 2014, fix for the XP/2003 0-day vulnerability
The first Microsoft Update Tuesday of 2014 is here and it’s a very light month this time around. We’ve got 4 bulletins covering 6 CVEs. What’s remarkable is that there’s no Internet Explorer bulletin this month. There are also no bulletins that are marked critical, all 4 bulletins are marked as important.
The first bulletin, MS14-001, is for Word and Office Web Apps, this bulletin covers 3 CVEs (CVE-2014-0258, CVE-2014-0259 and CVE-2014-0260. They are memory corruption vulnerabilities in Word, which could result in remote code execution.
MS14-002 is a fix for the Windows XP/2003 0-day kernel escalation of privilege vulnerability (CVE-2013-5065) that was being exploited in the wild in tandem with the Adobe Reader vulnerability (CVE-2013-3346). Here an attacker would convince the user to o
Talos
Microsoft Update Tuesday: January 2014, fix for the XP/2003 0-day vulnerability
blogs_talos·2014-01-14·CVSS 9.8
CVE-2014-0258 [CRITICAL] Microsoft Update Tuesday: January 2014, fix for the XP/2003 0-day vulnerability
## Microsoft Update Tuesday: January 2014, fix for the XP/2003 0-day vulnerability
The first Microsoft Update Tuesday of 2014 is here and it’s a very light month this time around. We’ve got 4 bulletins covering 6 CVEs. What’s remarkable is that there’s no Internet Explorer bulletin this month. There are also no bulletins that are marked critical, all 4 bulletins are marked as important.
The first bulletin, MS14-001 , is for Word and Office Web Apps, this bulletin covers 3 CVEs ( CVE-2014-0258 , CVE-2014-0259 and CVE-2014-0260 . They are memory corruption vulnerabilities in Word, which could result in remote code execution.
MS14-002 is a fix for the Windows XP/2003 0-day kernel escalation of privilege vulnerability ( CVE-2013-5065 ) that was being exploited in the wild in tandem with the
2014-01-15
Published