lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 16 Jul 2014 11:53:19 +0200
From: VUPEN Security Research <advisories@...en.com>
To: bugtraq@...urityfocus.com
Subject: VUPEN Security Research - Microsoft Windows "DirectShow" Privilege
 Escalation Vulnerability (Pwn2Own 2014)

VUPEN Security Research - Microsoft Windows "DirectShow" Local Privilege
Escalation Vulnerability (Pwn2Own 2014)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
---------------------

"Microsoft Windows is a series of software operating systems and
graphical user interfaces produced by Microsoft. Windows had
approximately 90% of the market share of the client operating
systems." (Wikipedia)


II. DESCRIPTION
---------------------

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Windows.

The vulnerability is caused by an input validation error in DirectShow
when processing and unserializing "Stretch" objects in memory, which
could be exploited to elevate privileges and execute arbitrary code
in the context of the logged on user, or e.g. bypass Internet
Explorer's Enhanced Protected Mode (EPM) sandbox.


III. AFFECTED PRODUCTS
---------------------------

Microsoft Windows 8.1
Microsoft Windows 8
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2008 R2 Service Pack 1 and prior
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 2 and prior


IV. SOLUTION
----------------

Apply MS14-041 security update.


V. CREDIT
--------------

This vulnerability was discovered by VUPEN Security.


VI. ABOUT VUPEN Security
---------------------------

VUPEN is the leading provider of defensive and offensive cyber security
intelligence and advanced zero-day research. All VUPEN's vulnerability
intelligence results exclusively from its internal and in-house R&D
efforts conducted by its team of world-class researchers.

VUPEN Solutions: http://www.vupen.com/english/services/


VII. REFERENCES
----------------------

https://technet.microsoft.com/library/security/ms14-041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2780


VIII. DISCLOSURE TIMELINE
-----------------------------

2014-01-14 - Vulnerability Discovered by VUPEN Security
2014-03-14 - Vulnerability Reported to ZDI and Microsoft During Pwn2Own 2014
2014-07-08 - Vulnerability Fixed by Microsoft
2014-07-16 - Public disclosure

Powered by blists - more mailing lists