CVE-2014-1808
published 2014-05-14CVE-2014-1808: Microsoft Office 2013 Gold, SP1, RT, and RT SP1 allows remote attackers to obtain sensitive token information via a web site that sends a crafted response…
PriorityP422medium4.3CVSS 2.0
AVNACMAuNCPINAN
EPSS
10.09%
95.1th percentile
Microsoft Office 2013 Gold, SP1, RT, and RT SP1 allows remote attackers to obtain sensitive token information via a web site that sends a crafted response during opening of an Office document, aka "Token Reuse Vulnerability."
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | office | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Talos
Microsoft Update Tuesday May 2014: relatively light month
blogs_talos·2014-05-13·CVSS 4.3
[MEDIUM] Microsoft Update Tuesday May 2014: relatively light month
## Microsoft Update Tuesday May 2014: relatively light month
It’s time for another Microsoft Update Tuesday , the first one which will not feature any XP updates (except of course for the out-of-band patch ( MS14-021 ) which was released to deal with the IE 0-day which is officially part of this release, but which we won't be discussing here, more on that can be found here and here ). It’s a pretty straightforward month this time around, with eight bulletins covering 13 CVEs.
The numbering is a little off this month, usually the critical bulletins came first, but it seems that Microsoft hasn't done that this time around. We’ll list the critical bulletins first, followed by the important ones.
There’s two critical bulletins and six important bulletins this month:
The first critical bull
Talos
Microsoft Update Tuesday May 2014: relatively light month
blogs_talos·2014-05-13·CVSS 4.3
[MEDIUM] Microsoft Update Tuesday May 2014: relatively light month
It’s time for another Microsoft Update Tuesday, the first one which will not feature any XP updates (except of course for the out-of-band patch (MS14-021) which was released to deal with the IE 0-day which is officially part of this release, but which we won't be discussing here, more on that can be found here and here). It’s a pretty straightforward month this time around, with eight bulletins covering 13 CVEs.
The numbering is a little off this month, usually the critical bulletins came first, but it seems that Microsoft hasn't done that this time around. We’ll list the critical bulletins first, followed by the important ones.
There’s two critical bulletins and six important bulletins this month:
The first critical bulletin is MS14-022 and covers three CVEs in Sharepoint. Two of them
2014-05-14
Published