Oval Definition:oval:org.mitre.oval:def:28368
Revision Date:2015-03-09Version:46
Title:Internet Explorer memory corruption vulnerability - CVE-2014-6363 (MS14-080)
Description:vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2014-6363
Platform(s):Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Product(s):VBScript 5.6
VBScript 5.7
VBScript 5.8
Definition Synopsis
  • VBScript 5.6 and 2K3 vulnerable version
  • vbscript.dll 5.6 or later is installed
  • AND 2K3 + vulnerable file version
  • Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Server 2003 for Itanium is installed
  • AND Check if the version of vbscript.dll is less than 5.6.0.8853
  • AND Internet Explorer 6 (any patch level) is installed
  • OR VBScript 5.7 and 2K3/Vista/2k8 vulnerable version
  • Vbscript.dll 5.7 or later is installed
  • AND 2K3/Vista/2k8 vulnerable version
  • 2k3 and vulnerable file version
  • 2K3
  • Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Server 2003 for Itanium is installed
  • AND Check if the version of vbscript.dll is less than 5.7.6002.23528
  • OR Vista / 2k8 and vulnerable file version
  • Vista / 2K8
  • Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • OR Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • AND Check for vulnerable version
  • Check if the version of vbscript.dll is less than 5.7.6002.19221
  • AND IE 6/7
  • Internet Explorer 7 is installed
  • OR Internet Explorer 6 (any patch level) is installed
  • OR VBScript 5.8 and 2K3/Vista/2k8/Win7/2k8 R2/Win 8/Win 8.1/Win 2k12/Win 2k12 R2 vulnerable version
  • Vbscript.dll 5.8 or later is installed
  • AND 2K3/Vista/2K8/Win7/R2 + VBScript 5.8 + vulnerable version
  • /2k3 and vulnerable version
  • / 2K3
  • Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • AND Check if the version of vbscript.dll is less than 5.8.6001.23642
  • OR Vista / 2K8 and vulnerable file version
  • Vista / 2K8
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • AND Check for vulnerable version
  • Check if the version of vbscript.dll is less than 5.8.6001.19587
  • OR Win7/R2 + vulnerable file version
  • Win7/R2
  • Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
  • AND vulnerable file version
  • Check if the version of vbscript.dll is less than 5.8.7601.18648
  • AND Internet Explorer 8 is installed
  • OR Vbscript.dll 5.8 and vul version
  • Vbscript.dll 5.8 or later is installed
  • AND 2k8/Win7/2k8 R2/Win 8/Win 8.1/Win 2k12/Win 2k12 R2 vulnerable version
  • Vista/2k8/Win7/R2 and IE 8 + vulnerable file version
  • Vista / 2K8
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • AND Check for vulnerable version
  • Check if the version of vbscript.dll is less than 5.8.7601.17104
  • AND Internet Explorer 9 is installed
  • OR Win7/R2/Win8/2k12 and IE 10 + vulnerable file version
  • Check if Microsoft Internet Explorer 10 is installed
  • AND Win7/R2/Win8/2k12 + VBScript 5.8 + vulnerable version
  • OR Win7/R2/Win8.1/2k12 R2 and IE 11 + vulnerable file version
  • Win7/R2
  • Microsoft Windows 7 (32-bit) is installed
  • OR Microsoft Windows 7 x64 Edition is installed
  • OR Microsoft Windows Server 2008 R2 x64 Edition is installed
  • OR Microsoft Windows 8.1 (x86) is installed
  • OR Microsoft Windows 8.1 (x64) is installed
  • OR Microsoft Windows Server 2012 R2 is installed
  • AND Check if the version of vbscript.dll is less than 5.8.9600.17496
  • AND Check if Microsoft Internet Explorer 11 is installed
    • BACK