CVE-2014-6352 - APT防御产品

CVE-2014-6352

[原文]Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document.


[CNNVD]CNNVD数据暂缺。


[机译]Google 翻译(企业版):

-CVSS (基础分值)

CVSS分值: 9.3 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: MEDIUM [漏洞利用存在一定的访问条件]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]

-CWE (弱点类目)

CWE-94 [对生成代码的控制不恰当(代码注入)]

-CPE (受影响的平台与产品)

cpe:/o:microsoft:windows_rt_8.1:-
cpe:/o:microsoft:windows_rt:-:gold
cpe:/o:microsoft:windows_8:-
cpe:/o:microsoft:windows_7:-:sp1
cpe:/o:microsoft:windows_vista::sp2 Microsoft Windows Vista Service Pack 2
cpe:/o:microsoft:windows_server_2008:r2:sp1 Microsoft Windows Server 2008 R2 Service Pack 1
cpe:/o:microsoft:windows_server_2012:-:gold
cpe:/o:microsoft:windows_server_2012:r2
cpe:/o:microsoft:windows_8.1:-
cpe:/o:microsoft:windows_server_2008::sp2 Microsoft Windows Server 2008 Service Pack 2

-OVAL (用于检测的技术细节)

未找到相关OVAL定义

-官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6352
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6352
(官方数据源) NVD

-其它链接及资源

https://technet.microsoft.com/library/security/3010060
(VENDOR_ADVISORY)  CONFIRM  https://technet.microsoft.com/library/security/3010060
http://xforce.iss.net/xforce/xfdb/97714
(UNKNOWN)  XF  ms-win-ole-cve20146352-code-exec(97714)
http://www.securitytracker.com/id/1031097
(UNKNOWN)  SECTRACK  1031097
http://www.securityfocus.com/bid/70690
(UNKNOWN)  BID  70690
http://twitter.com/ohjeongwook/statuses/524795124270653440
(UNKNOWN)  MISC  http://twitter.com/ohjeongwook/statuses/524795124270653440
http://technet.microsoft.com/security/bulletin/MS14-064
(UNKNOWN)  MS  MS14-064
http://secunia.com/advisories/61803
(UNKNOWN)  SECUNIA  61803
http://blogs.technet.com/b/srd/archive/2014/11/11/assessing-risk-for-the-november-2014-security-updates.aspx
(UNKNOWN)  CONFIRM  http://blogs.technet.com/b/srd/archive/2014/11/11/assessing-risk-for-the-november-2014-security-updates.aspx


转载请注明出处 APT防御产品 » CVE-2014-6352

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址