MS14-019: Vulnerability in Windows file handling component could allow remote code execution: April 8, 2014

MS14-019: Vulnerability in Windows file handling component could allow remote code execution: April 8, 2014 INTRODUCTION Microsoft has released security bulletin MS14-019. To learn more about this security bulletin: Home users: https://www.microsoft.com/security/pc-security/updates.aspxSkip the...

Microsoft Windows File Handling Component Remote Code Execution (MS14-019; CVE-2014-0315)

A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is caused by Windows improperly restricting the path used for processing .bat and .cmd files. A remote attacker could trigger this flaw by placing a malicious executable in the working directory e.g. a...

MS14-019 – Fixing a binary hijacking via .cmd or .bat file

Command .cmd and batch .bat files can be directly provided as input to the CreateProcess as if it is an executable. CreateProcess uses the cmd.exe automatically to run the input .cmd or .bat. Today, with the bulletin MS14-019 we are fixing a vulnerability, where in particular scenario it is...

MS14-019: Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2922229)

The remote Windows host is potentially affected by a vulnerability in the way that Windows processes .bat and .cmd files that could allow remote code execution if a user is convinced to run a specially crafted .bat or .cmd file. When exploiting this vulnerability, an attacker could gain the same...