CVE-2014-6362 — Microsoft Office vulnerability

4 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

32.3%

top 3.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office

Timeline

PublishedFeb 11

Latest updateMay 14

Description

Use-after-free vulnerability in Microsoft Office 2007 SP3, 2010 SP2, and 2013 Gold and SP1 allows remote attackers to bypass the ASLR protection mechanism via a crafted document, aka "Microsoft Office Component Use After Free Vulnerability."

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/office2007, 2010, 2013+2

🔴Vulnerability Details

GHSA

GHSA-wwqq-9p8j-6w8g: Use-after-free vulnerability in Microsoft Office 2007 SP3, 2010 SP2, and 2013 Gold and SP1 allows remote attackers to bypass the ASLR protection mecha↗2022-05-14

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday for February 2015: 56 vulnerabilities fixed↗2015-02-10

▶

Talos

Microsoft Patch Tuesday for February 2015: 56 vulnerabilities fixed↗2015-02-10

▶