(MS14-085) Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3013126)
Gravedad: High
Identificadores de CVE : CVE-2014-6355
Fecha recomendada: 10 de diciembre de 2014
Descripción
This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user browses to a website containing specially crafted JPEG content. An attacker could use this information disclosure vulnerability to gain information about the system that could then be combined with other attacks to compromise the system. The information disclosure vulnerability by itself does not allow arbitrary code execution. However, an attacker could use this information disclosure vulnerability in conjunction with another vulnerability to bypass security features such as Address Space Layout Randomization (ASLR).
Revelación de la información
Software y versión afectados
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
- Windows Server 2008 R2
- Windows 8 and Windows 8.1
- Windows Server 2012 and Windows Server 2012 R2
- Windows RT and Windows RT 8.1
- Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) (3013126)
- Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) (3013126)
- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (3013126)
- Windows Server 2012 (Server Core installation) (3013126)
- Windows Server 2012 R2 (Server Core installation) (3013126)