CVE-2014-6363

Microsoft VBScript <5.9 - RCE

Title source: llm

Description

vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Skylined · htmlremotewindows

https://www.exploit-db.com/exploits/40721

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1075

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/40721/

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-080

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-084

Scores

EPSS 0.2683

EPSS Percentile 96.4%

Details

CWE

CWE-399

Status published

Products (9)

microsoft/internet_explorer 6

microsoft/internet_explorer 7

microsoft/internet_explorer 8

microsoft/internet_explorer 9

microsoft/internet_explorer 10

microsoft/internet_explorer 11

microsoft/vbscript 5.6

microsoft/vbscript 5.7

microsoft/vbscript 5.8

Published Dec 11, 2014

Tracked Since Feb 18, 2026