RCE in Microsoft Web_applications

CVE-2014-1813

Microsoft Web Applications 2010 SP1 and SP2 allows remote authenticated users to execute arbitrary code via crafted page content, aka "Web Applications Page Content Vulnerability."

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.202 (95.6th percentile) — read the EPSS interpretation.

Affected products

Microsoft Web_applications — versions 2010
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

MS14-022 (x_refsource_MS, vendor-advisory)
1030227 (vdb-entry, x_refsource_SECTRACK)