Executive Summary

Summary
TitleVulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390)
Informations
NameMS14-011First vendor Publication2014-02-11
VendorMicrosoftLast vendor Modification2014-02-11
Severity (Vendor) CriticalRevision1.0

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Revision Note: V1.0 (February 11, 2014): Bulletin published.

Summary: This security update resolves a privately reported vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visited a specially crafted website. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website.

Original Source

Url : http://technet.microsoft.com/en-us/security/bulletin/ms14-011

CWE : Common Weakness Enumeration

%idName
100 %CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:22065
 
Oval ID: oval:org.mitre.oval:def:22065
Title: VBScript Memory Corruption Vulnerability (CVE-2014-0271) - MS14-010, MS14-011
Description: The VBScript engine in Microsoft Internet Explorer 6 through 11, and VBScript 5.6 through 5.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2014-0271
Version: 10
Platform(s): Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): VBScript 5.6
VBScript 5.7
VBScript 5.8
Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application6
Application3

Information Assurance Vulnerability Management (IAVM)

DateDescription
2014-02-13IAVM : 2014-A-0025 - Microsoft VBScript Remote Code Execution Vulnerability
Severity : Category II - VMSKEY : V0044034

Snort® IPS/IDS

DateDescription
2017-08-15Microsoft Internet Explorer type confusion attempt
RuleID : 43580 - Revision : 3 - Type : BROWSER-IE
2017-08-15Microsoft Internet Explorer type confusion attempt
RuleID : 43579 - Revision : 3 - Type : BROWSER-IE
2014-05-28Microsoft Internet Explorer type confusion attempt
RuleID : 30851 - Revision : 3 - Type : BROWSER-IE
2014-05-28Microsoft Internet Explorer type confusion attempt
RuleID : 30850 - Revision : 4 - Type : BROWSER-IE
2014-05-28Microsoft Internet Explorer type confusion attempt
RuleID : 30849 - Revision : 4 - Type : BROWSER-IE
2014-03-13Microsoft Internet Explorer type confusion attempt
RuleID : 29675 - Revision : 7 - Type : BROWSER-IE

Nessus® Vulnerability Scanner

DateDescription
2014-02-12Name : The remote host has a web browser that is affected by multiple vulnerabilities.
File : smb_nt_ms14-010.nasl - Type : ACT_GATHER_INFO
2014-02-12Name : Arbitrary code can be executed on the remote host through the installed VBScr...
File : smb_nt_ms14-011.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
DateInformations
2014-03-13 21:21:02
  • Multiple Updates
2014-02-17 11:47:56
  • Multiple Updates
2014-02-14 17:19:06
  • Multiple Updates
2014-02-12 21:25:25
  • Multiple Updates
2014-02-12 13:27:02
  • Multiple Updates
2014-02-11 21:25:37
  • Multiple Updates
2014-02-11 21:16:59
  • First insertion