CVE-2014-6332: CVE-2014-6332

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2014-6332

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka "Windows OLE Automation Array Remote Code Execution Vulnerability."

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Windows OLE 自动化数组远程执行代码漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Microsoft Windows OLE（对象链接与嵌入）是美国微软（Microsoft）公司的一种允许应用程序共享数据和功能的技术。当Internet Explorer不正确地访问内存中的对象时，存在远程执行代码漏洞。以下产品和版本受到影响：Microsoft Windows Server 2003 SP2，Windows Vista SP2，Windows Server 2008 SP2和R2 SP1，Windows 7 SP1，Windows 8，Windows 8.1，Windows Serv

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2014-6332

#	POC Description	Source Link	Shenlong Link
1	app turn nil publics and privates into blanks 3 months ago config Use bundler/setup for more graceful bundler related failures 11 days ago data Add token fiddling from nishang 12 hours ago db Revert "Diff triggering comment" 12 days ago documentation Switch to Msf::OperatingSystems::Match::WINDOWS 2 months ago external Use PDWORD_PTR and DWORD_PTR 29 days ago features Up aruba timeout for simplecov overhead 4 days ago lib Check for load errors in reload_all 4 days ago modules Land #4255 - CVE-2014-6332 Internet Explorer 19 hours ago plugins Land #3588, @tobd-r7's Fix SpaceBeforeModifierKeyword Rubocop warning 4 months ago script rails generate cucumber:install 3 months ago scripts delete the old script a month ago spec Remove debug file writes 2 days ago test Fix up comment splats with the correct URI a month ago tools Fix bugs 24 days ago .gitignore Add note about rbenv for rvm .versions.conf local override 24 days ago .gitmodules Add RDI submodule, port Kitrap0d a year ago .mailmap Add @trosen-r7's alias for commits 6 months ago .rspec Add modern --require to .rspec 2 months ago .rubocop.yml Reapply PR #4113 (removed via #4175) 18 days ago .ruby-gemset Restoring ruby and gemset files 6 months ago .ruby-version Oh good, another Ruby version bump 14 days ago .simplecov Remove fastlib 2 months ago .travis.yml Enable fast_finish on travis-ci 12 days ago .yardopts Various merge resolutions from master <- staging 4 months ago CONTRIBUTING.md Add a don't to CONTRIBUTING about merge messages 11 days ago COPYING With 66 days left in 2014, may as well update a month ago Gemfile metasploit-credential bump to 0.13.3 16 days ago Gemfile.local.example Various merge resolutions from master <- staging 4 months ago Gemfile.lock Bump mdm version number 12 days ago HACKING Update link for The Metasploit Development Environment 5 months ago LICENSE Remove fastlib 2 months ago README.md Encourage use of the installer for users. 8 months ago Rakefile Merge branch 'feature/MSP-11130/metasploit-framework-spec-constants' … 24 days ago metasploit-framework-db.gemspec metasploit-credential bump to 0.13.3 16 days ago metasploit-framework-full.gemspec Update metasploit-framework-full.gemspec 23 days ago metasploit-framework-pcap.gemspec Depend on metasloit-framework in optional gemspecs 24 days ago metasploit-framework.gemspec Update meterpreter_bins to 0.0.11 18 days ago msfbinscan Remove fastlib 2 months ago msfcli Fix thread-leaks in msfcli spec 17 days ago msfconsole @wvu-r7 is a skilled negotiator. s/stdout/stderr/ a month ago msfd Remove fastlib 2 months ago msfelfscan Remove fastlib 2 months ago msfencode Remove fastlib 2 months ago msfmachscan Remove fastlib 2 months ago msfpayload fixes merge conflicts msfpayload & exe a month ago msfpescan Remove fastlib 2 months ago msfrop Remove fastlib 2 months ago msfrpc Remove fastlib 2 months ago msfrpcd Remove call to legacy db.sink queue, closes #4244 7 days ago msfupdate Always use maybe_wait_and_exit in msfupdate a year ago msfvenom Fix #4047 - undefined method `rank' due to an invalid encoder name 19 days ago README.md	https://github.com/MarkoArmitage/metasploit-framework	POC Details
2	None	https://github.com/tjjh89017/cve-2014-6332	POC Details
3	CVE-2014-6332 ZeroDay POC - Starts PowerShell	https://github.com/mourr/CVE-2014-6332	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2014-6332

Please Login to view more intelligence information

http://packetstormsecurity.com/files/134061/The-World-Browser-3.0-Final-Remote-Code-Execution.htmlx_refsource_MISC
http://packetstormsecurity.com/files/134062/HTML-Compiler-Remote-Code-Execution.htmlx_refsource_MISC
http://packetstormsecurity.com/files/134064/Microsoft-Compiled-HTML-Help-Remote-Code-Execution.htmlx_refsource_MISC
http://packetstormsecurity.com/files/134079/Winamp-Bento-Browser-Remote-Code-Execution.htmlx_refsource_MISC
http://packetstormsecurity.com/files/134053/Avant-Browser-Lite-Ultimate-Remote-Code-Execution.htmlx_refsource_MISC
https://forsec.nl/wp-content/uploads/2014/11/ms14_064_ie_olerce.rb_.txtx_refsource_MISC
http://securityintelligence.com/ibm-x-force-researcher-finds-significant-vulnerability-in-microsoft-windowsx_refsource_MISC
https://www.exploit-db.com/exploits/38512/exploitx_refsource_EXPLOIT-DB
https://www.exploit-db.com/exploits/38500/exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/70952vdb-entryx_refsource_BID
https://www.exploit-db.com/exploits/37800/exploitx_refsource_EXPLOIT-DB
https://www.exploit-db.com/exploits/37668/exploitx_refsource_EXPLOIT-DB
http://www.securitytracker.com/id/1031184vdb-entryx_refsource_SECTRACK
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-064vendor-advisoryx_refsource_MS
http://www.us-cert.gov/ncas/alerts/TA14-318Bthird-party-advisoryx_refsource_CERT
http://www.kb.cert.org/vuls/id/158647third-party-advisoryx_refsource_CERT-VN
https://nvd.nist.gov/vuln/detail/CVE-2014-6332

New Vulnerabilities

Product: n/a

Vendor: n/a

V. Comments for CVE-2014-6332

No comments yet

Support Us — Your donation helps us keep running

I. Basic Information for CVE-2014-6332

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2014-6332

III. Intelligence Information for CVE-2014-6332

New Vulnerabilities

V. Comments for CVE-2014-6332

Leave a comment