CVE-2014-6332

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version

Description The issue allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function. This occurs due to improper handling of objects in memory by Internet Explorer. An attacker who successfully exploits this issue could run arbitrary code in the context of the current user, potentially leading to the installation of programs, viewing, changing, or deleting data, or creating new accounts with full user rights.

Recommendations For all affected versions of Microsoft Windows, apply the patch provided by Microsoft to fix the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.