Microsoft » Windows Server 2012 : Security Vulnerabilities, CVEs, Published In October 2014 (Code Execution)
CVE-2014-6352
Known exploited
Public exploit
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document.
Max CVSS
9.3
EPSS Score
96.72%
Published
2014-10-22
Updated
2018-10-12
CISA KEV Added
2022-02-25
CVE-2014-4148
Known exploited
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted TrueType font, as exploited in the wild in October 2014, aka "TrueType Font Parsing Remote Code Execution Vulnerability."
Max CVSS
9.3
EPSS Score
49.90%
Published
2014-10-15
Updated
2019-02-26
CISA KEV Added
2022-05-25
CVE-2014-4114
Known exploited
Public exploit
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a "Sandworm" attack in June through October 2014, aka "Windows OLE Remote Code Execution Vulnerability."
Max CVSS
9.3
EPSS Score
97.00%
Published
2014-10-15
Updated
2018-10-12
CISA KEV Added
2022-03-03
3 vulnerabilities found