Описание
Multiple serious vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service gain privileges, execute arbitrary code or obtain sensitive information.
Below is a complete list of vulnerabilities
- Improper input validation can be exploited locally via a specially designed input;
- Improper thread handling can be exploited locally via unknown vectors;
- Improper 2D figures handling can be exploited remotely via a specially designed files;
- Improper JPEG files parsing can be exploited remotely via a specially designed file or memory manipulations;
- An unknown vulnerability can be exploited remotely via a specially designed web content;
- An unknown vulnerability can be exploited remotely via vectors related to IPv6;
- Improper handling objects in memory can be exploited remotely via an unknown vectors;
- Improper file associations handling can be exploited remotely via vectors related to Windows Shell;
- Improper user state validation can be exploited remotely via vectors related to SAMR;
- Improper iSCSI packets handling can be exploited remotely via an unknown vectors;
- An unknown vulnerability can be exploited remotely via vectors related to RDP, On-Screen keyboard, DirectShow, Internet Explorer, Microsoft IME for Japanese and Task Sheduler;
- Improper .bat or .cmd files processing can be exploited locally via DLL hijack;
- Improper passwords handling can be exploited remotely via share access;
- Improper TCP implementation can be exploited remotely via a specially designed TCP header;
- Use-After-free can be exploited remotely via a specially designed Office document;
- Improper font files restrictions can be exploited locally via a specially designed file;
- Improper signatures validation can be exploited remotely via vectors related to Kerberos KDC;
- Memory leak can be exploited remotely via a specially designed client;
- Double free vulnerability can be exploited locally via a specially designed application;
- An unknown vulnerability can be exploited via specially designed application;
- Improper addresses validation can be exploited locally via specially designed IOCTL call;
- Improper XML handling can be exploited remotely via a specially designed XML content;
- Improper permissions validation can be exploited remotely via vectors related to Microsoft audio component;
- Improper handling failed login attempts can be exploited via vectors related to RDP;
- Improper memory allocation can be exploited remotely via a specially designed USB device;
- An unknown vulnerability can be exploited remotely via a specially designed OLE object;
- Improper packets handling can be exploited remotely via a vectors related to Secure Channel;
- An unknown vulnerability can be exploited remotely via a specially designed Journal.
Первичный источник обнаружения
- CVE-2014-1816
CVE-2014-6532
CVE-2014-0266
CVE-2014-4076
CVE-2014-6321
CVE-2014-6322
CVE-2014-6324
CVE-2014-1767
CVE-2014-4077
CVE-2014-4074
CVE-2014-1807
CVE-2013-5065
CVE-2014-0300
CVE-2014-0323
CVE-2014-4971
CVE-2014-0301
CVE-2014-0262
CVE-2014-0263
CVE-2014-4115
CVE-2014-4113
CVE-2014-0315
CVE-2014-0316
CVE-2014-0317
CVE-2014-0255
CVE-2014-0318
CVE-2014-4118
CVE-2014-6352
CVE-2014-6332
CVE-2014-0296
CVE-2014-0256
CVE-2014-1811
CVE-2014-0254
CVE-2014-1819
CVE-2014-6355
CVE-2014-2780
CVE-2014-2781
CVE-2014-1812
CVE-2014-4064
CVE-2014-6318
CVE-2014-1814
CVE-2014-4060
CVE-2014-1824
CVE-2014-6317
CVE-2014-4114
CVE-2014-4148
Эксплуатация
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Связанные продукты
- Microsoft-Windows-Vista-2
- Microsoft-Windows-Server-2012
- Microsoft-Windows-8
- Microsoft-Windows-7
- Microsoft-Windows-Server-2008
- Microsoft-Windows-Server-2003
- Windows-RT
- Microsoft-Windows-XP
Список CVE
- CVE-2014-1816 warning
- CVE-2014-6532 critical
- CVE-2014-0266 high
- CVE-2014-4076 high
- CVE-2014-6321 critical
- CVE-2014-6322 warning
- CVE-2014-6324 critical
- CVE-2014-1767 high
- CVE-2014-4077 critical
- CVE-2014-4074 high
- CVE-2014-1807 high
- CVE-2013-5065 critical
- CVE-2014-0300 high
- CVE-2014-0323 high
- CVE-2014-4971 high
- CVE-2014-0301 critical
- CVE-2014-0262 high
- CVE-2014-0263 critical
- CVE-2014-4115 high
- CVE-2014-4113 critical
- CVE-2014-0315 high
- CVE-2014-0316 high
- CVE-2014-0317 high
- CVE-2014-0255 warning
- CVE-2014-0318 high
- CVE-2014-4118 critical
- CVE-2014-6352 critical
- CVE-2014-6332 critical
- CVE-2014-0296 high
- CVE-2014-0256 warning
- CVE-2014-1811 warning
- CVE-2014-0254 high
- CVE-2014-1819 high
- CVE-2014-6355 warning
- CVE-2014-2780 high
- CVE-2014-2781 high
- CVE-2014-1812 critical
- CVE-2014-4064 warning
- CVE-2014-6318 warning
- CVE-2014-1814 high
- CVE-2014-4060 high
- CVE-2014-1824 critical
- CVE-2014-6317 high
- CVE-2014-4114 critical
- CVE-2014-4148 critical
Список KB
- 2966631
- 2957482
- 2966061
- 2939576
- 2922229
- 2973201
- 2975689
- 2957189
- 3013126
- 2969259
- 2929961
- 3010788
- 2984615
- 2914368
- 3003743
- 3002885
- 2904659
- 2961858
- 3005607
- 2962490
- 2592687
- 2966034
- 2993958
- 2988948
- 2961072
- 2926765
- 2973932
- 2962123
- 2998579
- 2989935
- 2973906
- 2961899
- 2933826
- 2962478
- 2975685
- 2975684
- 2916036
- 2975681
- 2978742
- 2933528
- 2934418
- 2993254
- 2978668
- 2974286
- 2928120
- 2991963
- 2992611
- 3000869
- 3011443
- 2923392
- 2962488
- 2918614
- 2962485
- 2889913
- 2912390
- 2962486
- 2930275
- 2919355
- 2965788
- 2972280
- 2962073
- 2971850
- 2992719
- 2993651
- 3000061
- 2913602
- 2976897
- 2973408
- 3006226
- 3011780
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!