Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution


Report ID: MS201403002
Date Published: March 11, 2014

Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Windows 8.1
Windows 8
Windows 7
Windows Vista
Windows XP
and Windows Server 2012 R2
Windows Server 2012
Windows Server 2008 R2
    (except Itanium-based editions)
Windows Server 2008
    (except Itanium-based editions)
Windows Server 2003




Summary

A vulnerability exists in the way that Microsoft DirectShow handles JPEG files that, if successfully exploited, may lead to remote code execution.



Detailed Description

A vulnerability exists in the way that Microsoft DirectShow parses specially crafted JPEG image files that, if successfully exploited, could allow an attacker to run arbitrary code in the context of the current user. If the user has full administrative rights, the attacker may gain complete control of the compromised system. Users with fewer rights may be less impacted.



CVE Reference

CVE-2014-0301



Solution

Install the latest security patch for applicable systems, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms14-013)



Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.