Multiple vulnerabilities in Microsoft products

Beschreibung

Multiple serious vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service gain privileges, execute arbitrary code or obtain sensitive information.

Below is a complete list of vulnerabilities

1. Improper input validation can be exploited locally via a specially designed input;
2. Improper thread handling can be exploited locally via unknown vectors;
3. Improper 2D figures handling can be exploited remotely via a specially designed files;
4. Improper JPEG files parsing can be exploited remotely via a specially designed file or memory manipulations;
5. An unknown vulnerability can be exploited remotely via a specially designed web content;
6. An unknown vulnerability can be exploited remotely via vectors related to IPv6;
7. Improper handling objects in memory can be exploited remotely via an unknown vectors;
8. Improper file associations handling can be exploited remotely via vectors related to Windows Shell;
9. Improper user state validation can be exploited remotely via vectors related to SAMR;
10. Improper iSCSI packets handling can be exploited remotely via an unknown vectors;
11. An unknown vulnerability can be exploited remotely via vectors related to RDP, On-Screen keyboard, DirectShow, Internet Explorer, Microsoft IME for Japanese and Task Sheduler;
12. Improper .bat or .cmd files processing can be exploited locally via DLL hijack;
13. Improper passwords handling can be exploited remotely via share access;
14. Improper TCP implementation can be exploited remotely via a specially designed TCP header;
15. Use-After-free can be exploited remotely via a specially designed Office document;
16. Improper font files restrictions can be exploited locally via a specially designed file;
17. Improper signatures validation can be exploited remotely via vectors related to Kerberos KDC;
18. Memory leak can be exploited remotely via a specially designed client;
19. Double free vulnerability can be exploited locally via a specially designed application;
20. An unknown vulnerability can be exploited via specially designed application;
21. Improper addresses validation can be exploited locally via specially designed IOCTL call;
22. Improper XML handling can be exploited remotely via a specially designed XML content;
23. Improper permissions validation can be exploited remotely via vectors related to Microsoft audio component;
24. Improper handling failed login attempts can be exploited via vectors related to RDP;
25. Improper memory allocation can be exploited remotely via a specially designed USB device;
26. An unknown vulnerability can be exploited remotely via a specially designed OLE object;
27. Improper packets handling can be exploited remotely via a vectors related to Secure Channel;
28. An unknown vulnerability can be exploited remotely via a specially designed Journal.

Ursprüngliche Informationshinweise

• CVE-2014-1816

• CVE-2014-6532
• CVE-2014-0266
• CVE-2014-4076
• CVE-2014-6321
• CVE-2014-6322
• CVE-2014-6324
• CVE-2014-1767
• CVE-2014-4077
• CVE-2014-4074
• CVE-2014-1807
• CVE-2013-5065
• CVE-2014-0300
• CVE-2014-0323
• CVE-2014-4971
• CVE-2014-0301
• CVE-2014-0262
• CVE-2014-0263
• CVE-2014-4115
• CVE-2014-4113
• CVE-2014-0315
• CVE-2014-0316
• CVE-2014-0317
• CVE-2014-0255
• CVE-2014-0318
• CVE-2014-4118
• CVE-2014-6352
• CVE-2014-6332
• CVE-2014-0296
• CVE-2014-0256
• CVE-2014-1811
• CVE-2014-0254
• CVE-2014-1819
• CVE-2014-6355
• CVE-2014-2780
• CVE-2014-2781
• CVE-2014-1812
• CVE-2014-4064
• CVE-2014-6318
• CVE-2014-1814
• CVE-2014-4060
• CVE-2014-1824
• CVE-2014-6317
• CVE-2014-4114
• CVE-2014-4148

CVE Liste

• CVE-2014-1816
  critical
• CVE-2014-6532
  critical
• CVE-2014-0266
  critical
• CVE-2014-4076
  critical
• CVE-2014-6321
  critical
• CVE-2014-6322
  critical
• CVE-2014-6324
  critical
• CVE-2014-1767
  critical
• CVE-2014-4077
  critical
• CVE-2014-4074
  critical
• CVE-2014-1807
  critical
• CVE-2013-5065
  critical
• CVE-2014-0300
  critical
• CVE-2014-0323
  critical
• CVE-2014-4971
  critical
• CVE-2014-0301
  critical
• CVE-2014-0262
  critical
• CVE-2014-0263
  critical
• CVE-2014-4115
  critical
• CVE-2014-4113
  critical
• CVE-2014-0315
  critical
• CVE-2014-0316
  critical
• CVE-2014-0317
  critical
• CVE-2014-0255
  critical
• CVE-2014-0318
  critical
• CVE-2014-4118
  critical
• CVE-2014-6352
  critical
• CVE-2014-6332
  critical
• CVE-2014-0296
  critical
• CVE-2014-0256
  critical
• CVE-2014-1811
  critical
• CVE-2014-0254
  critical
• CVE-2014-1819
  critical
• CVE-2014-6355
  critical
• CVE-2014-2780
  critical
• CVE-2014-2781
  critical
• CVE-2014-1812
  critical
• CVE-2014-4064
  critical
• CVE-2014-6318
  critical
• CVE-2014-1814
  critical
• CVE-2014-4060
  critical
• CVE-2014-1824
  critical
• CVE-2014-6317
  critical
• CVE-2014-4114
  critical
• CVE-2014-4148
  critical

KB Liste

• 2966631
• 2957482
• 2966061
• 2939576
• 2922229
• 2973201
• 2975689
• 2957189
• 3013126
• 2969259
• 2929961
• 3010788
• 2984615
• 2914368
• 3003743
• 3002885
• 2904659
• 2961858
• 3005607
• 2962490
• 2592687
• 2966034
• 2993958
• 2988948
• 2961072
• 2926765
• 2973932
• 2962123
• 2998579
• 2989935
• 2973906
• 2961899
• 2933826
• 2962478
• 2975685
• 2975684
• 2916036
• 2975681
• 2978742
• 2933528
• 2934418
• 2993254
• 2978668
• 2974286
• 2928120
• 2991963
• 2992611
• 3000869
• 3011443
• 2923392
• 2962488
• 2918614
• 2962485
• 2889913
• 2912390
• 2962486
• 2930275
• 2919355
• 2965788
• 2972280
• 2962073
• 2971850
• 2992719
• 2993651
• 3000061
• 2913602
• 2976897
• 2973408
• 3006226
• 3011780

Mehr erfahren

Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com