CVE-2014-6362
published 2015-02-11CVE-2014-6362: Use-after-free vulnerability in Microsoft Office 2007 SP3, 2010 SP2, and 2013 Gold and SP1 allows remote attackers to bypass the ASLR protection mechanism via…
PriorityP429medium4.3CVSS 2.0
AVNACMAuNCPINAN
EPSS
16.16%
96.5th percentile
Use-after-free vulnerability in Microsoft Office 2007 SP3, 2010 SP2, and 2013 Gold and SP1 allows remote attackers to bypass the ASLR protection mechanism via a crafted document, aka "Microsoft Office Component Use After Free Vulnerability."
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday for February 2015: 56 vulnerabilities fixed
blogs_talos·2015-02-10·CVSS 6.8
[MEDIUM] Microsoft Patch Tuesday for February 2015: 56 vulnerabilities fixed
## Microsoft Patch Tuesday for February 2015: 56 vulnerabilities fixed
Microsoft’s Patch Tuesday for February 2015 has arrived. This month’s round of security updates is large with Microsoft releasing 9 bulletins addressing 56 CVEs. 3 of the bulletins are rated critical and address vulnerabilities within Internet Explorer, Windows, and Group Policy. The remaining 6 bulletins are rated important and address vulnerabilities in Office, Windows, Group Policy, and System Center Manager.
## Bulletins Rated Critical MS15-009, MS15-010, and MS15-011 are rated Critical.
MS15-009 is targeted at addressing multiple vulnerabilities within Internet Explorer, versions 6 through 11. In total, 41 different CVEs were addressed with the vast majority of the those CVEs fixing use-after-free vulnerabilitie
Talos
Microsoft Patch Tuesday for February 2015: 56 vulnerabilities fixed
blogs_talos·2015-02-10·CVSS 6.8
[MEDIUM] Microsoft Patch Tuesday for February 2015: 56 vulnerabilities fixed
Microsoft’s Patch Tuesday for February 2015 has arrived. This month’s round of security updates is large with Microsoft releasing 9 bulletins addressing 56 CVEs. 3 of the bulletins are rated critical and address vulnerabilities within Internet Explorer, Windows, and Group Policy. The remaining 6 bulletins are rated important and address vulnerabilities in Office, Windows, Group Policy, and System Center Manager.
### Bulletins Rated CriticalMS15-009, MS15-010, and MS15-011 are rated Critical.
MS15-009 is targeted at addressing multiple vulnerabilities within Internet Explorer, versions 6 through 11. In total, 41 different CVEs were addressed with the vast majority of the those CVEs fixing use-after-free vulnerabilities that could result in remote code execution. A couple ASLR bypasses, pr
http://www.securityfocus.com/bid/72467http://www.securitytracker.com/id/1031721https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-013http://www.securityfocus.com/bid/72467http://www.securitytracker.com/id/1031721https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-013
2015-02-11
Published