Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in Microsoft Office Could Allow Remote Code Execution |
Informations | |||
---|---|---|---|
Name | MS14-023 | First vendor Publication | 2014-05-13 |
Vendor | Microsoft | Last vendor Modification | 2014-05-13 |
Severity (Vendor) | Version | Revision | 1.1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Severity Rating: Important |
Original Source
Url : https://technet.microsoft.com/en-us/library/security/MS14-023 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-200 | Information Exposure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:23726 | |||
Oval ID: | oval:org.mitre.oval:def:23726 | ||
Title: | Token reuse vulnerability (CVE-2014-1808) - MS14-023 | ||
Description: | Microsoft Office 2013 Gold, SP1, RT, and RT SP1 allows remote attackers to obtain sensitive token information via a web site that sends a crafted response during opening of an Office document, aka "Token Reuse Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-1808 | Version: | 7 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Microsoft Office 2013 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:24582 | |||
Oval ID: | oval:org.mitre.oval:def:24582 | ||
Title: | Microsoft Office chinese grammar checking vulnerability (CVE-2014-1756) - MS14-023 | ||
Description: | Untrusted search path vulnerability in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1, when the Simplified Chinese Proofing Tool is enabled, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Microsoft Office Chinese Grammar Checking Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-1756 | Version: | 7 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Microsoft Office 2013 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2014-05-15 | IAVM : 2014-B-0058 - Multiple Vulnerabilities in Microsoft Office Severity : Category II - VMSKEY : V0050431 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft product .dll dll-load exploit attempt RuleID : 18495 - Revision : 21 - Type : OS-WINDOWS |
2014-01-10 | Microsoft product .dll dll-load exploit attempt RuleID : 18494 - Revision : 25 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-05-14 | Name : The remote Windows host is affected by multiple vulnerabilities. File : smb_nt_ms14-023.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-04-27 02:04:29 |
|
2014-11-16 21:25:25 |
|
2014-07-01 00:25:34 |
|
2014-05-17 00:22:16 |
|
2014-05-15 13:24:14 |
|
2014-05-14 21:28:00 |
|
2014-05-14 17:25:33 |
|
2014-05-14 00:25:57 |
|
2014-05-14 00:16:36 |
|
2014-05-13 21:27:45 |
|
2014-05-13 21:16:51 |
|