Memory Corruption Vulnerability in DirectShow, Affects Microsoft Products
CVE-2014-0301

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Xp; Windows Server 2008; Windows Server 2012; Windows 8.1
Vendor: CVE Published:; 12 March 2014

Summary

A double free vulnerability exists in the qedit.dll component of DirectShow in several Microsoft Windows products. This flaw allows remote attackers to exploit crafted JPEG images to execute arbitrary code. The vulnerability specifically affects multiple versions of Windows, including legacy systems like Windows XP and newer systems like Windows 8.1. A successful exploit could lead to significant security breaches, as it may allow attackers to take control of affected systems.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

21% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 12, 2014
Vulnerability Reserved
Dec 3, 2013