56 matches found
CVE-2014-0263
CVE-2014-0263 concerns a remote code execution vulnerability in the Windows Graphics Component (Direct2D). The issue arises when the Direct2D implementation in affected Windows versions encounters a large 2D geometric figure, processed via Internet Explorer, leading to memory corruption that can ...
Microsoft Windows Direct2D Remote Code Execution Vulnerability (2912390)
This host is missing a critical security update according to Microsoft Bulletin MS14-007. OpenVAS Vulnerability Test $Id: secpodms14-007.nasl 5346 2017-02-19 08:43:11Z cfi $ Microsoft Windows Direct2D Remote Code Execution Vulnerability 2912390 Authors: Antu Sanadi Copyright: Copyright c 2014...
Microsoft Windows Direct2D Remote Code Execution Vulnerability (2912390)
This host is missing a critical security update according to Microsoft Bulletin MS14-007. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Microsoft Windows图形组件远程代码执行漏洞(CVE-2014-0263)(MS14-007)
BUGTRAQ ID: 65393 CVECAN ID: CVE-2014-0263 Windows是一款由美国微软公司开发的窗口化操作系统。 Microsoft Windows受影响版本处理特制的2D几何图形时Direct2D存在远程代码执行漏洞,如果用户用IE查看包含了特制图形的文件,该漏洞可造成内存破坏,导致远程代码执行。 0 Microsoft Windows Windows Server 2012 Microsoft Windows Server 2008 Microsoft Windows RT 8.1 Microsoft Windows RT Microsoft Windo...
February 2014 Microsoft Patch Tuesday Security Bulletins
The expected continued respite from deploying Internet Explorer patches was apparently a mirage as Microsoft changed course from last Thursday’s advance notification and added two more bulletins to the February 2014 Patch Tuesday security updates, including the first IE rollup of 2014. IE had...
Microsoft Windows multiple security vulnerabilities
XML services information leakage, IPv6 DoS, Direct2D memory corruption, .Net privilege escalation, VBScript code execution...
CVE-2011-3649
Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D aka D2D API is used on Windows in conjunction with the Azure graphics back-end, allow remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas. NOTE:...
CVE-2011-3649
Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D aka D2D API is used on Windows in conjunction with the Azure graphics back-end, allow remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas. NOTE:...
Design/Logic Flaw
Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D aka D2D API is used on Windows in conjunction with the Azure graphics back-end, allow remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas. NOTE:...
CVE-2011-3649
CVE-2011-3649 affects Mozilla Firefox 7.0 and Thunderbird 7.0 on Windows when using Direct2D with the Azure graphics backend, allowing cross-origin image data to be read via a manipulated canvas (Same Origin Policy bypass). The issue stems from a regression introduced by CVE-2011-2986. According ...
CVE-2011-2986
Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D aka D2D API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data...
CVE-2011-2986
Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D aka D2D API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data...
CVE-2011-2986
Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D aka D2D API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data...
Design/Logic Flaw
Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D aka D2D API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data...
CVE-2011-2986
CVE-2011-2986 affects Mozilla Firefox 4.x–5, Thunderbird before 6, and SeaMonkey 2.x before 2.3 on Windows when using Direct2D. The issue allows cross‑origin data theft by inserting image data from a different domain into a canvas, potentially bypassing the Same Origin Policy. Root cause, as stat...
CVE-2011-2986
Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D aka D2D API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data...