Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-6363

CWE-3994 documents4 sources
Severity
9.3CRITICAL
EPSS
26.8%
top 3.65%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft Internet ExplorerMicrosoft Vbscript
Timeline
PublishedDec 11
Latest updateMay 14

Description

vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDmicrosoft/vbscript5.6, 5.7, 5.8+2
NVDmicrosoft/internet_explorer6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-rvqq-gvgx-253h: vbscript2022-05-14
CVEList
CVE-2014-6363: vbscript2014-12-11

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer 8/9/10/11 / IIS / CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084)2016-11-07
CVE-2014-6363 (CRITICAL CVSS 9.3) | vbscript.dll in Microsoft VBScript | cvebase.io