KLA10601 Multiple vulnerabilities in Microsoft products

Multiple serious vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service gain privileges, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities 1...

VUPEN Security Research - Microsoft Windows "DirectShow" Privilege Escalation Vulnerability (Pwn2Own 2014)

VUPEN Security Research - Microsoft Windows "DirectShow" Local Privilege Escalation Vulnerability Pwn2Own 2014 Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Windows is a series of software operating systems and graphical user...

(Pwn2Own) Microsoft Windows DirectShow Privilege Escalation Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling o...

Microsoft DirectShow Elevation of Privileges Vulnerability (2975681)

This host is missing an important security update according to Microsoft Bulletin MS14-041. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Privilege escalation

DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows local users to gain privileges by leveraging control over a low-integrity process to execute a crafted application, aka "DirectShow...

CVE-2014-2780

DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows local users to gain privileges by leveraging control over a low-integrity process to execute a crafted application, aka "DirectShow...

CVE-2014-2780

CVE-2014-2780 corresponds to a DirectShow elevation-of-privilege vulnerability in Microsoft Windows (affecting Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, 8, 8.1, and Server 2012). The root cause is an input-validation flaw in DirectShow when processing unserialized Stretch objects, enabling lo...

Microsoft July 2014 Patch Tuesday fixes 29 IE Vulnerabilities

Microsoft today issued two critical-, three important-, and one moderate-rated security bulletins in the July edition of its monthly Patch Tuesday release. The updates address 29 security vulnerabilities in the company’s Windows operating system, Internet Explorer browser, and server software. Th...

Microsoft DirectX DirectShow CVE-2014-2780 Local Privilege Escalation Vulnerability

Description Microsoft DirectX DirectShow is prone to a local privilege-escalation vulnerability. A local attacker may exploit this issue to execute arbitrary code with elevated privileges in the context of the logged-in user. Failed exploit attempts may cause a denial-of-service condition...

MS14-041: Vulnerability in DirectShow could allow elevation of privilege: July 8, 2014

Resolves a vulnerability in Microsoft Windows that could allow elevation of privilege if an attacker first exploits another vulnerability in a low-integrity process and then uses this vulnerability to execute specially crafted code in the context of the logged-on user.INTRODUCTIONMicrosoft has...

MS14-041: Vulnerability in Microsoft DirectShow Could Allow Elevation of Privilege (2975681)

The remote Windows host is affected by a vulnerability in Microsoft DirectShow that could allow privilege escalation. Note that this issue can only be exploited if an attacker first successfully exploits another vulnerability in a low integrity process. C Tenable Network Security, Inc...

Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption

No description provided by source. $Id: msvidctlmpeg2.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of us...

Orb 2.0.01.0049 - 2.54.0018 - DirectShow DoS

No description provided by source. When Orb is first installed it registers several Direct Show filters with the system. When registered these filters are then called whenever a file which has a dependency on such a required filter is accessed. By specially crafting specific headers embedded into...

Microsoft DirectX DirectShow SAMI Buffer Overflow

No description provided by source. $Id: ms07064sami.rb 10550 2010-10-05 01:05:49Z mc $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

DirectShow Arbitrary Memory Overwrite Vulnerability (MS13-056)

No description provided by source. Introduction: The Microsoft DirectShow application programming interface API is a media-streaming architecture for Microsoft Windows. Using DirectShow, your applications can perform high-quality video and audio playback or capture. Overview: DirectShow in...

Microsoft Windows DirectShow JPEG Double Free (MS14-013; CVE-2014-0301) - ver 2

A double free vulnerability has been reported in Microsoft Windows DirectShow. The vulnerability is due to the way DirectShow handles JPEG images. A remote attacker can exploit this vulnerability by enticing a user to download and process a maliciously crafted JPEG file...

Microsoft DirectShow AVI Parser Heap Overflow - Ver2 (CVE-2010-0250)

A buffer overflow vulnerability has been reported in Microsoft DirectShow. The vulnerability is due to the way Microsoft DirectShow component handles specially crafted AVI files. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected...

Microsoft DirectShow QuickTime Movie Parser Filter Code Execution - Ver2 (CVE-2009-1537)

Microsoft DirectShow is used for streaming media on Microsoft Windows operating systems. It is used for high-quality capture and playback of multimedia streams. The QuickTime Movie Parser filter splits Apple QuickTime data into audio and video streams. The vulnerability is due to the way Microsof...

Microsoft DirectShow Crafted MJPEG Stream Handling Code Execution (MS10-033) - Ver2 (CVE-2010-1879)

Microsoft DirectShow is used for streaming media on Microsoft Windows operating systems. It is used for high-quality capture and playback of multimedia streams. Audio Video Interleave AVI is a file type that is used with applications that capture, edit, and play back audio-video sequences. A remo...

Microsoft Windows DirectShow JPEG Double Free (MS14-013; CVE-2014-0301)

A double free vulnerability has been reported in Microsoft Windows DirectShow. The vulnerability is due to the way DirectShow handles JPEG images. A remote attacker can exploit this vulnerability by enticing a user to download and process a maliciously crafted JPEG file...