فا

‫ Microsoft Windows Journal Arbitrary Code Execution Vulnerability

IRCAD2014073407

Number: IRCAD2014073407

Date: 2014/07/08

Criticality level: highly critical

Software:

Microsoft Windows 7

Microsoft Windows 8

Microsoft Windows 8.1

Microsoft Windows RT

Microsoft Windows RT 8.1

Microsoft Windows Server 2008

Microsoft Windows Server 2012

Microsoft Windows Vista

Description

A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified error within Windows Journal when handling Journal (JNT) files and can be exploited to execute arbitrary code via a specially crafted file.

Successful exploitation requires Journal to be installed (not installed by default on Windows Server 2008) and, on Windows Server 2008 R2, 2012, and 2012 R2, the Ink and Handwriting Services feature to be enabled.

Solution:

Apply updates.

Windows Vista Service Pack 2

Windows Vista x64 Edition Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows 8 for 32-bit Systems

Windows 8 for x64-based Systems

Windows 8.1 for 32-bit Systems

Windows 8.1 for x64-based Systems

Windows Server 2012

Windows Server 2012 R2

Resources:

Microsoft (KB2975689, KB2971850, KB2974286):

secunia:

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 18 تیر 1393

امتیاز

امتیاز شما
تعداد امتیازها:0