Description:
[AppleScript] 纯文本查看 复制代码
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document.
CVSS
[AppleScript] 纯文本查看 复制代码
CVSS分值: 9.3 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: MEDIUM [漏洞利用存在一定的访问条件]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]
CPE
[AppleScript] 纯文本查看 复制代码 cpe:/o:microsoft:windows_rt_8.1:-
cpe:/o:microsoft:windows_rt:-:gold
cpe:/o:microsoft:windows_8:-
cpe:/o:microsoft:windows_7:-:sp1
cpe:/o:microsoft:windows_vista::sp2 Microsoft Windows Vista Service Pack 2
cpe:/o:microsoft:windows_server_2008:r2:sp1 Microsoft Windows Server 2008 R2 Service Pack 1
cpe:/o:microsoft:windows_server_2012:-:gold
cpe:/o:microsoft:windows_server_2012:r2
cpe:/o:microsoft:windows_8.1:-
cpe:/o:microsoft:windows_server_2008::sp2 Microsoft Windows Server 2008 Service Pack 2
POC:
CVE-2014-6352.zip
(3.74 KB, 下载次数: 3, 售价: 3 i币)
| 
发表于 2014-12-12 10:55:52
