Vulnerability Details : CVE-2014-6363
vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."
Vulnerability category: Memory CorruptionExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2014-6363
Probability of exploitation activity in the next 30 days: 90.70%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-6363
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2014-6363
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-6363
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-080
Microsoft Security Bulletin MS14-080 - Critical | Microsoft Docs
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-084
Microsoft Security Bulletin MS14-084 - Critical | Microsoft Docs
-
https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1075
Protect Your Business with Verisign’s Security Services – VerisignThird Party Advisory;VDB Entry
-
https://www.exploit-db.com/exploits/40721/
Microsoft Internet Explorer 8/9/10/11 / IIS / CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084) - Windows remote Exploit
Products affected by CVE-2014-6363
- cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*
- cpe:2.3:a:microsoft:vbscript:5.6:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:vbscript:5.7:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:vbscript:5.8:*:*:*:*:*:*:*