Memory Corruption Vulnerability in DirectShow, Affects Microsoft Products
CVE-2014-0301

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Xp; Windows Server 2008; Windows Server 2012; Windows 8.1
Vendor: CVE Published:; 12 March 2014

What is CVE-2014-0301?

A double free vulnerability exists in the qedit.dll component of DirectShow in several Microsoft Windows products. This flaw allows remote attackers to exploit crafted JPEG images to execute arbitrary code. The vulnerability specifically affects multiple versions of Windows, including legacy systems like Windows XP and newer systems like Windows 8.1. A successful exploit could lead to significant security breaches, as it may allow attackers to take control of affected systems.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

17% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 12, 2014
Vulnerability Reserved
Dec 3, 2013