CVE-2014-6332

OleAut32.dll Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 va R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold va R2 va Windows RT Gold va 8.1-da OLE-da tajovuzkorlarga veb-saytlar tomonidan ishlab chiqilgan kodlar yordamida masofadan turib ishlashga imkon beradi. SafeArrayDimen funksiyasida oʻlcham qiymatining notoʻgʻri ishlashiga olib keladigan massiv oʻlchamini oʻzgartirishga urinish, yaʼni “Windows OLE Automation Array Remote Code Execution zaifligi”.

CVSS Vector

Manbalar

• http://packetstormsecurity.com/files/134053/Avant-Browser-Lite-Ultimate-Remote-Code-Execution.html
• http://packetstormsecurity.com/files/134061/The-World-Browser-3.0-Final-Remote-Code-Execution.html
• http://packetstormsecurity.com/files/134062/HTML-Compiler-Remote-Code-Execution.html
• http://packetstormsecurity.com/files/134064/Microsoft-Compiled-HTML-Help-Remote-Code-Execution.html
• http://packetstormsecurity.com/files/134079/Winamp-Bento-Browser-Remote-Code-Execution.html