CISA Known Exploited Vulnerability

CVE-2014-6352

Microsoft · Windows

Microsoft Windows Code Injection Vulnerability

Date added 2022-02-25

BOD 22-01 due date 2022-08-25

CWE CWE-94

Ransomware Unknown

CISA description

Microsoft Windows allow remote attackers to execute arbitrary code via a crafted OLE object.

Required action

Apply updates per vendor instructions.

Notes & references

https://nvd.nist.gov/vuln/detail/CVE-2014-6352

Where this lands in 800-53

Vulnerability data triggers these controls during assessment and continuous monitoring.

External lookups