Vulnerabilities > CVE-2014-0301 - Double Free vulnerability in Microsoft products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Double free vulnerability in qedit.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via a crafted JPEG image, aka "DirectShow Memory Corruption Vulnerability."

Common Weakness Enumeration (CWE)

Msbulletin

bulletin_idMS14-013
bulletin_url
date2014-03-11T00:00:00
impactRemote Code Execution
knowledgebase_id2929961
knowledgebase_url
severityCritical
titleVulnerability in Microsoft DirectShow Could Allow Remote Code Execution

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS14-013.NASL
descriptionThe remote Windows host is potentially affected by a vulnerability in Microsoft DirectShow that could allow remote code execution if a user opens a malicious image file.
last seen2020-06-01
modified2020-06-02
plugin id72931
published2014-03-11
reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/72931
titleMS14-013: Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2929961)
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if (description)
{
  script_id(72931);
  script_version("1.8");
  script_cvs_date("Date: 2018/11/15 20:50:31");

  script_cve_id("CVE-2014-0301");
  script_bugtraq_id(66045);
  script_xref(name:"MSFT", value:"MS14-013");
  script_xref(name:"MSKB", value:"2929961");

  script_name(english:"MS14-013: Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2929961)");
  script_summary(english:"Checks version of Qedit.dll");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is potentially affected by a remote code
execution vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is potentially affected by a vulnerability in
Microsoft DirectShow that could allow remote code execution if a user
opens a malicious image file.");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-013");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows XP, 2003, Vista, 7,
2008, 2008 R2, 8, 8.1, 2012, and 2012 R2.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/03/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");

  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");

  script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, 'Host/patch_management_checks');

  exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");

get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

bulletin = 'MS14-013';
kb = '2929961';

kbs = make_list(kb);
if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

if (hotfix_check_sp_range(xp:'3', win2003:'2', vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);
if (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

########## KB2929961 ###########
#  Windows XP SP3,             #
#  Windows XP SP2 x64,         #
#  Windows 2003 SP2,           #
#  Windows Vista SP2,          #
#  Windows 7,                  #
#  Windows Server 2008 SP2,    #
#  Windows Server 2008 R2      #
#  Windows Server 8            #
#  Windows Server 2012         #
#  Windows Server 8.1          #
#  Windows Server 2012 R2      #
################################
if (
  # Windows 8.1 / Windows Server 2012 R2
  hotfix_is_vulnerable(os:"6.3", sp:0, file:"Qedit.dll", version:"6.6.9600.16650", min_version:"6.6.9600.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows 8 / Windows Server 2012
  hotfix_is_vulnerable(os:"6.2", sp:0, file:"Qedit.dll", version:"6.6.9200.20931", min_version:"6.6.9200.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.2", sp:0, file:"Qedit.dll", version:"6.6.9200.16812", min_version:"6.6.9200.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows 7 and Windows Server 2008 R2
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Qedit.dll", version:"6.6.7601.22590", min_version:"6.6.7601.22000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.1", sp:1, file:"Qedit.dll", version:"6.6.7601.18386", min_version:"6.6.7600.16000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Vista / Windows 2008
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Qedit.dll", version:"6.6.6002.23321", min_version:"6.6.6002.23000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:2, file:"Qedit.dll", version:"6.6.6002.19033", min_version:"6.6.6002.18000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows 2003 / XP x64
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Qedit.dll", version:"6.5.3790.5294",  dir:"\system32", bulletin:bulletin, kb:kb) ||

  # Windows XP x86
  hotfix_is_vulnerable(os:"5.1", sp:3, arch:"x86", file:"Qedit.dll", version:"6.5.2600.6512", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}

Seebug

bulletinFamilyexploit
descriptionCVE ID:CVE-2014-0301 Microsoft Windows是一款微软开发的流行的操作系统。Microsoft DirectX是Windows操作系统中的一项功能,流媒体在玩游戏或观看视频时通过这个功能支持图形和声音。 Microsoft Windows DirectShow在处理特制的JPEG文件时存在一个内存破坏漏洞,允许攻击者构建恶意文件,诱使用户解析,可使应用程序崩溃或以应用程序上下文执行任意代码。 0 Microsoft Windows XP SP3 Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 Microsoft Windows 7 SP1 Microsoft Windows Server 2003 SP2 Microsoft Windows Server 2008 R2 SP1 Microsoft Windows 8 SP0 Microsoft Windows Server 2012 SP0 Microsoft Windows XP Professional 64-bit Edition SP2 Microsoft Windows Server 2012 R2 SP0 Microsoft Windows 8.1 SP0 厂商补丁: Microsoft --------- 用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞: https://technet.microsoft.com/en-us/security/bulletin/MS14-013
idSSV:61773
last seen2017-11-19
modified2014-03-12
published2014-03-12
reporterRoot
titleMicrosoft Windows DirectShow畸形JPEG文件处理内存破坏漏洞