NVD disclosure day

Published threat advisories for November 11, 2014

CVE advisoryKnown Exploit

CVE-2014-6332

Windows OLE Remote Code Execution Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in Microsoft Windows OLE Automation allows remote attackers to execute arbitrary code via crafted websites. This poses a business risk through potential system compromise and unauthorized access to data. Organizations should apply vendor security updates to affected systems.

NVD published: • CISA KEV
CVE advisoryKnown Exploit

CVE-2014-4077

Microsoft IME Elevation of Privilege Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

Affected Microsoft systems with the Japanese Input Method Editor installed are vulnerable to privilege escalation. Attackers can exploit this by tricking users into opening a malicious PDF, bypassing security and potentially gaining unauthorized system control. The risk to organizations involves compromised data and sy

NVD published: • CISA KEV