CVE-2014-6364 — Microsoft Office vulnerability

5 documents4 sources

Severity

9.3CRITICALNVD

EPSS

31.7%

top 3.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office

Timeline

PublishedDec 11

Latest updateMay 14

Description

Use-after-free vulnerability in Microsoft Office 2007 SP3; 2010 SP2; 2013 Gold, SP1, and SP2; and 2013 RT Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/office2007, 2010, 2013+2

🔴Vulnerability Details

GHSA

GHSA-68j5-5p29-q76h: Use-after-free vulnerability in Microsoft Office 2007 SP3; 2010 SP2; 2013 Gold, SP1, and SP2; and 2013 RT Gold and SP1 allows remote attackers to exec↗2022-05-14

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday for December 2014: Light Month, Some Changes↗2014-12-09

▶

Talos

Microsoft Patch Tuesday for December 2014: Light Month, Some Changes↗2014-12-09

▶

Zscaler

Zscaler found Security Vulnerabilities in MS Exchange Server↗

▶