Vulnerability CVE-2014-2780

Vulnerability CVE-2014-2780

Published: 2014-07-08 Modified: 2014-07-09

Description:

DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows local users to gain privileges by leveraging control over a low-integrity process to execute a crafted application, aka "DirectShow Elevation of Privilege Vulnerability."

See advisories in our WLB2 database:

	Topic	Author	Date
Med.	Microsoft Windows DirectShow Privilege Escalation	VUPEN	17.07.2014

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

CVSS2 => (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
6.9/10	10/10	3.4/10

Exploit range	Attack complexity	Authentication
Local	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
Microsoft -> Windows 7
Microsoft -> Windows 8
Microsoft -> Windows 8.1
Microsoft -> Windows server 2008
Microsoft -> Windows server 2012
Microsoft -> Windows vista

References:

http://www.securityfocus.com/archive/1/532800/100/0/threaded

http://www.securityfocus.com/bid/68392

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-041

Copyright 2024, cxsecurity.com