CVE-2014-6352: Critical Vulnerability in Microsoft Windows

Posted: October 22, 2014 in Vulnerabilities


Critical Vulnerability: Remote Code Execution in Microsoft Windows

Microsoft warns users about 0-day attacks via PowerPoint OLE objects. Hackers are exploiting a zero-day vulnerability in Windows.

A vulnerability in Microsoft OLE could allow remote code execution. It affects all supported releases of Microsoft Windows, excluding Windows Server 2003.

Today, Microsoft has released Security Advisory 3010060 as well as the “Fix It” temporary patch. A new ID, CVE-2014-6352, has been assigned to track this issue.

Danger level: Critical
Availability of fixes: None
Number of vulnerabilities: 1

CVSSv2 Rating: (AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:U/RC:C) = Base: 10 / Temporal: 10
CVE ID: CVE-2014-6352

Attack vector: Remote (website or e-mail with malicious content)
Impact: System compromise, arbitrary code execution
Exploit availability: the vulnerability is being actively exploited

Affected Products: Microsoft Windows 7, Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows Vista

Affected versions: Microsoft Windows 7, 8, 8.1, RT, RT 8.1, Server 2008, Server 2012, Vista

Description:
[CVE-2014-6352] The vulnerability could allow a remote user to compromise a vulnerable system.

The vulnerability is caused by an unspecified error when parsing OLE objects embedded in Microsoft Office files. A remote user can execute arbitrary code on the target system.

Note: The vulnerability is currently being actively exploited.

Solution: None currently exists.
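Because the flaw is reached through OLE objects embedded in Office files, a defender can inventory which incoming documents carry such objects before they are opened. The following is an added example, not part of the original post or of Microsoft's advisory. It assumes the standard OOXML layout, where embedded objects are stored under `ppt/embeddings/`, `word/embeddings/` or `xl/embeddings/`, and the function name `find_embedded_ole` and the sample inputs are constructed for illustration. It reports embedded parts only; it does not detect exploitation.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 compound file signature
EMBED_DIRS = ("ppt/embeddings/", "word/embeddings/", "xl/embeddings/")


def find_embedded_ole(data: bytes) -> list[dict]:
    """Return one record per embedded part of an OOXML file (pptx/docx/xlsx)."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        # Legacy .ppt/.doc/.xls files are OLE2 containers themselves, not ZIPs.
        # Their embedded objects cannot be listed here, so report the
        # container itself for manual review.
        if data.startswith(OLE_MAGIC):
            findings.append({"part": "<legacy OLE2 container>", "ole2": True,
                             "size": len(data)})
        return findings
    with archive:
        for info in archive.infolist():
            name = info.filename
            if info.is_dir() or not name.lower().startswith(EMBED_DIRS):
                continue
            with archive.open(info) as part:
                header = part.read(len(OLE_MAGIC))
            findings.append({"part": name, "ole2": header == OLE_MAGIC,
                             "size": info.file_size})
    return findings


def _constructed_pptx(with_ole: bool) -> bytes:
    """Build a minimal, constructed ZIP that mimics a .pptx layout (sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("ppt/presentation.xml", "<p:presentation/>")
        if with_ole:
            # Constructed placeholder: signature plus padding, not a real object.
            z.writestr("ppt/embeddings/oleObject1.bin", OLE_MAGIC + b"\x00" * 504)
    return buf.getvalue()


if __name__ == "__main__":
    for label, sample in (("clean", _constructed_pptx(False)),
                          ("embedded", _constructed_pptx(True))):
        print(label, find_embedded_ole(sample))
```

Files that return a non-empty list are candidates for quarantine or for opening only in an isolated viewer until a fix is available.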


References:
https://technet.microsoft.com/en-us/library/security/3010060


Manufacturer URL: http://windows.microsoft.com
