CVE-2014-0294

Published: Feb 12, 2014Modified: Apr 29, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Microsoft Forefront Protection 2010 for Exchange Server does not properly parse e-mail content, which might allow remote attackers to execute arbitrary code via a crafted message, aka "RCE Vulnerability."

Affected (1)

Products: Microsoft: Microsoft Forefront Protection 2010

Microsoft

1 product

Microsoft Forefront Protection 2010

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Microsoft Forefront Protection 2010	All versions

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (10)

http://osvdb.org/103161

Source: secure@microsoft.com

http://secunia.com/advisories/56788

Source: secure@microsoft.com

http://www.securityfocus.com/bid/65397

Source: secure@microsoft.com

http://www.securitytracker.com/id/1029744

Source: secure@microsoft.com

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-008

Source: secure@microsoft.com

http://osvdb.org/103161