CVE-2014-1817: Buffer Overflow
First published: Wed Jun 11 2014(Updated: )
usp10.dll in Uniscribe (aka the Unicode Script Processor) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP1 and SP2, Live Meeting 2007 Console, Lync 2010 and 2013, Lync 2010 Attendee, and Lync Basic 2013 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted EMF+ record in a font file, aka "Unicode Scripts Processor Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows 8.0 | ||
| Microsoft Windows 8.1 | ||
| Microsoft Windows RT | ||
| Microsoft Windows RT | ||
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows Server 2008 Itanium | =sp2 | |
| Microsoft Windows Server 2008 Itanium | =r2-sp1 | |
| Microsoft Windows Server 2008 Itanium | =r2-sp1 | |
| Microsoft Windows Server 2012 x64 | ||
| Microsoft Windows Server 2012 x64 | =r2 | |
| Microsoft Windows Vista | =sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://blogs.technet.com/b/srd/archive/2014/06/10/assessing-risk-for-the-june-2014-security-updates.aspx
- http://secunia.com/advisories/58583
- http://www.securityfocus.com/bid/67897
- http://www.securitytracker.com/id/1030376
- http://www.securitytracker.com/id/1030377
- http://www.securitytracker.com/id/1030378
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-036
Frequently Asked Questions
What is the severity of CVE-2014-1817?
CVE-2014-1817 is rated as a moderate severity vulnerability affecting multiple versions of Microsoft Windows and Office.
How do I fix CVE-2014-1817?
To fix CVE-2014-1817, apply the relevant security updates provided by Microsoft for your affected software versions.
Which Microsoft products are affected by CVE-2014-1817?
CVE-2014-1817 affects multiple Microsoft products including Windows Server 2003, Windows Vista, Windows 7, Windows 8, Windows 8.1, and Office 2007 and 2010.
Is CVE-2014-1817 remote exploitable?
Yes, CVE-2014-1817 could be exploited remotely due to vulnerable processing of fonts.
What types of attacks can exploit CVE-2014-1817?
CVE-2014-1817 can potentially allow attackers to execute arbitrary code through specially crafted fonts.
- agent/type
- agent/remedy
- agent/weakness
- agent/author
- agent/references
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/microsoft
- canonical/microsoft windows 7
- version/microsoft windows 7/sp1
- canonical/microsoft windows 8.0
- canonical/microsoft windows 8.1
- canonical/microsoft windows rt
- canonical/microsoft windows server 2003
- version/microsoft windows server 2003/sp2
- canonical/microsoft windows server 2008 itanium
- version/microsoft windows server 2008 itanium/sp2
- version/microsoft windows server 2008 itanium/r2-sp1
- canonical/microsoft windows server 2012 x64
- version/microsoft windows server 2012 x64/r2
- canonical/microsoft windows vista
- version/microsoft windows vista/sp2