First published: Wed Mar 12 2014(Updated: )
Double free vulnerability in qedit.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via a crafted JPEG image, aka "DirectShow Memory Corruption Vulnerability."
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Windows 7 | =sp1 | |
Microsoft Windows 8.0 | ||
Microsoft Windows | ||
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =r2-sp1 | |
Microsoft Windows Server | ||
Microsoft Windows Server | =r2 | |
Microsoft Windows Vista | =sp2 | |
Microsoft Windows XP | =sp2 | |
Microsoft Windows XP | =sp3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2014-0301 has a severity rating of Important as it allows remote attackers to execute arbitrary code.
To fix CVE-2014-0301, apply the security update provided by Microsoft for your affected Windows version.
CVE-2014-0301 affects Microsoft Windows XP SP2 and SP3, Windows Vista SP2, Windows 7 SP1, Windows 8, Windows 8.1, and various versions of Windows Server.
Yes, CVE-2014-0301 can be exploited remotely, allowing attackers to execute arbitrary code on vulnerable systems.
The vulnerability in CVE-2014-0301 is located in the qedit.dll file within the DirectShow component of Windows.