Microsoft Graphics Component Information Disclosure Vulnerability
RISK: Medium Risk
TYPE: Clients - Graphics & Design
An information disclosure vulnerability exists in the Microsoft Graphics Component that could allow an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. The vulnerability is caused when the Microsoft Graphics Component improperly handles the decoding of JPEG images in memory. An attacker could use this information disclosure vulnerability to gain information about the system that could then be combined with other attacks to compromise the system. The information disclosure vulnerability by itself does not allow arbitrary code execution. However, an attacker could use this information disclosure vulnerability in conjunction with another vulnerability to bypass security features such as Address Space Layout Randomization (ASLR). The security update addresses the vulnerability by changing how memory is initialized and managed when JPEG images are decoded.
Impact
- Information Disclosure
System / Technologies affected
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
- Windows Server 2008 R2
- Windows 8 and Windows 8.1
- Windows Server 2012 and Windows Server 2012 R2
- Windows RT and Windows RT 8.1
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Download location for patches:
https://technet.microsoft.com/en-us/library/security/MS14-085
Vulnerability Identifier
Source
Related Link
Share with