exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Microsoft Windows DirectShow Privilege Escalation

Microsoft Windows DirectShow Privilege Escalation
Posted Jul 16, 2014
Authored by VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by an input validation error in DirectShow when processing and unserializing "Stretch" objects in memory, which could be exploited to elevate privileges and execute arbitrary code in the context of the logged on user, or e.g. bypass Internet Explorer's Enhanced Protected Mode (EPM) sandbox.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2014-2780
SHA-256 | 40f607f1e58adf819a7c42c06abb4eb9360e75d0caf490c0619a31a7fb069410

Microsoft Windows DirectShow Privilege Escalation

Change Mirror Download
VUPEN Security Research - Microsoft Windows "DirectShow" Local Privilege
Escalation Vulnerability (Pwn2Own 2014)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
---------------------

"Microsoft Windows is a series of software operating systems and
graphical user interfaces produced by Microsoft. Windows had
approximately 90% of the market share of the client operating
systems." (Wikipedia)


II. DESCRIPTION
---------------------

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Windows.

The vulnerability is caused by an input validation error in DirectShow
when processing and unserializing "Stretch" objects in memory, which
could be exploited to elevate privileges and execute arbitrary code
in the context of the logged on user, or e.g. bypass Internet
Explorer's Enhanced Protected Mode (EPM) sandbox.


III. AFFECTED PRODUCTS
---------------------------

Microsoft Windows 8.1
Microsoft Windows 8
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2008 R2 Service Pack 1 and prior
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 2 and prior


IV. SOLUTION
----------------

Apply MS14-041 security update.


V. CREDIT
--------------

This vulnerability was discovered by VUPEN Security.


VI. ABOUT VUPEN Security
---------------------------

VUPEN is the leading provider of defensive and offensive cyber security
intelligence and advanced zero-day research. All VUPEN's vulnerability
intelligence results exclusively from its internal and in-house R&D
efforts conducted by its team of world-class researchers.

VUPEN Solutions: http://www.vupen.com/english/services/


VII. REFERENCES
----------------------

https://technet.microsoft.com/library/security/ms14-041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2780


VIII. DISCLOSURE TIMELINE
-----------------------------

2014-01-14 - Vulnerability Discovered by VUPEN Security
2014-03-14 - Vulnerability Reported to ZDI and Microsoft During Pwn2Own 2014
2014-07-08 - Vulnerability Fixed by Microsoft
2014-07-16 - Public disclosure
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close