Microsoft Windows Direct2D Bug Lets Remote Users Execute Arbitrary Code
|
SecurityTracker Alert ID: 1029743 |
SecurityTracker URL: http://securitytracker.com/id/1029743
|
CVE Reference:
CVE-2014-0263
(Links to External Site)
|
Date: Feb 11 2014
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 7 SP1, 2008 R2 SP1, 8, 8.1, 2012 R2, RT, RT 8.1
|
Description:
A vulnerability was reported in Microsoft Windows Direct2D. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a file containing specially crafted specially crafted 2D geometric figures that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.
Omair (via HP's Zero Day Initiative) reported this vulnerability.
|
Impact:
A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
|
Solution:
The vendor has issued the following fixes:
Windows 7 for 32-bit Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=43779b6d-d8d5-40b0-a09e-d0009ec0cbcd
Windows 7 for x64-based Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=870a136b-81f9-4d4c-9174-28092cc7fc10
Windows Server 2008 R2 for x64-based Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=2fd74351-304a-4b27-b44a-c08ff58c9aa6
Windows 8 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=a92130ec-0795-4f98-9219-c50571e33d35
Windows 8 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=3a86ba25-1f1f-498f-a95c-39819157f5db
Windows 8.1 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=a4809d9e-bd56-4b68-8af9-3f3a0a0ea4e0
Windows 8.1 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=99460009-b897-4e62-8e36-8d5453341e78
Windows Server 2012:
http://www.microsoft.com/downloads/details.aspx?familyid=957e57ce-8184-450e-9539-d605b3e3ef98
Windows Server 2012 R2:
http://www.microsoft.com/downloads/details.aspx?familyid=809408c2-b329-4554-bf2b-c9a8901791ac
A restart may be required.
The Microsoft advisory is available at:
http://technet.microsoft.com/en-us/security/bulletin/ms14-007
|
Vendor URL: technet.microsoft.com/en-us/security/bulletin/ms14-007 (Links to External Site)
|
Cause:
Access control error
|
|
Message History:
None.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|