You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve-2014-6332
About this tag
CVE-2014-6332 is a Microsoft Windows OLE Automation Array remote code execution vulnerability. It affects Windows Vista, 7, 8, 8.1, RT, RT 8.1, and multiple Windows Server editions. The flaw resides in the OleAut32.dll library's SafeArrayRedim function, which can be exploited when a user views a specially-crafted web page in Internet Explorer. This allows an attacker to execute arbitrary code on the target system. The vulnerability was disclosed in November 2014 and is associated with US-CERT alert TA14-318B. Discussions on WindowsForum.com cover the affected systems, technical details, and mitigation steps for this security issue.
Original release date: November 14, 2014
Systems Affected
Microsoft Windows Vista, 7, 8, 8.1, RT, and RT 8.1
Microsoft Server 2003, Server 2008, Server 2008 R2, Server 2012, and Server 2012 R2
Overview
A vulnerability in Microsoft Windows Object Linking and Embedding (OLE) could allow...
administrator
arbitrary code
cve-2014-6332
execution
exploit
impact
internet explorer
memory
mitigation
ole
privileged access
remote code execution
safearrayredim
security
server 2003
server 2008
update
vbscript
vulnerability
windows