FKIE_CVE-2014-6364

Vulnerability from fkie_nvd - Published: 2014-12-11 00:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Use-after-free vulnerability in Microsoft Office 2007 SP3; 2010 SP2; 2013 Gold, SP1, and SP2; and 2013 RT Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability."
References
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-082
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-082
Impacted products
Vendor Product Version
microsoft office 2007
microsoft office 2010
microsoft office 2010
microsoft office 2013
microsoft office 2013
microsoft office 2013
microsoft office 2013
microsoft office 2013
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "FEECD12A-5BEF-4675-B62E-86CF4A7474D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "69998A67-CB15-4217-8AD6-43F9BA3C6454",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2010:sp2:x86:*:*:*:*:*",
              "matchCriteriaId": "349E9084-8116-43E9-8B19-CA521C96660D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2013:*:*:*:*:*:*:*",
              "matchCriteriaId": "E926E35D-02F6-4EA0-83C5-31443D3A0F01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2013:*:*:*:gold:*:*:*",
              "matchCriteriaId": "F4C9D0D2-4D72-4712-8056-9EDDF741723B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2013:*:*:*:rt_gold:*:*:*",
              "matchCriteriaId": "6DF78996-DFB3-4102-9E98-FF2B56FB67B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "120690A6-E0A1-4E36-A35A-C87109ECC064",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2013:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5FB9A56C-094B-4540-9690-45F8CB690C00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use-after-free vulnerability in Microsoft Office 2007 SP3; 2010 SP2; 2013 Gold, SP1, and SP2; and 2013 RT Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Component Use After Free Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en Microsoft Office 2007 SP3; 2010 SP2; 2013 Gold, SP1, y SP2; y 2013 RT Gold y SP1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un documento Office manipulado, tambi\u00e9n conocido como \u0027Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n de Microsoft Office Component\u0027."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/416.html\"\u003eCWE-416: Use After Free\u003c/a\u003e",
  "id": "CVE-2014-6364",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-12-11T00:59:14.533",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-082"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-082"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.