Microsoft Windows DirectShow Privilege Escalation

2014.07.17
Credit: VUPEN
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-264


CVSS Base Score: 6.9/10
Impact Subscore: 10/10
Exploitability Subscore: 3.4/10
Exploit range: Local
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

VUPEN Security Research - Microsoft Windows "DirectShow" Local Privilege Escalation Vulnerability (Pwn2Own 2014) Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Windows is a series of software operating systems and graphical user interfaces produced by Microsoft. Windows had approximately 90% of the market share of the client operating systems." (Wikipedia) II. DESCRIPTION --------------------- VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by an input validation error in DirectShow when processing and unserializing "Stretch" objects in memory, which could be exploited to elevate privileges and execute arbitrary code in the context of the logged on user, or e.g. bypass Internet Explorer's Enhanced Protected Mode (EPM) sandbox. III. AFFECTED PRODUCTS --------------------------- Microsoft Windows 8.1 Microsoft Windows 8 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2008 R2 Service Pack 1 and prior Microsoft Windows 7 Service Pack 1 and prior Microsoft Windows Server 2008 Service Pack 2 and prior Microsoft Windows Vista Service Pack 2 and prior IV. SOLUTION ---------------- Apply MS14-041 security update. V. CREDIT -------------- This vulnerability was discovered by VUPEN Security. VI. ABOUT VUPEN Security --------------------------- VUPEN is the leading provider of defensive and offensive cyber security intelligence and advanced zero-day research. All VUPEN's vulnerability intelligence results exclusively from its internal and in-house R&D efforts conducted by its team of world-class researchers. VUPEN Solutions: http://www.vupen.com/english/services/ VII. REFERENCES ---------------------- https://technet.microsoft.com/library/security/ms14-041 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2780 VIII. DISCLOSURE TIMELINE ----------------------------- 2014-01-14 - Vulnerability Discovered by VUPEN Security 2014-03-14 - Vulnerability Reported to ZDI and Microsoft During Pwn2Own 2014 2014-07-08 - Vulnerability Fixed by Microsoft 2014-07-16 - Public disclosure

References:

https://technet.microsoft.com/library/security/ms14-041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2780


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top