CVE-2014-0263
published 2014-02-12CVE-2014-0263: The Direct2D implementation in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT…
PriorityP259critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
18.88%
96.9th percentile
The Direct2D implementation in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a large 2D geometric figure that is encountered with Internet Explorer, aka "Microsoft Graphics Component Memory Corruption Vulnerability."
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | camel | — | — |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_apache5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-gc5p-9g3q-56p6: The Direct2D implementation in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8
ghsa_unreviewed·2022-05-14
CVE-2014-0263 [HIGH] CWE-119 GHSA-gc5p-9g3q-56p6: The Direct2D implementation in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8
The Direct2D implementation in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a large 2D geometric figure that is encountered with Internet Explorer, aka "Microsoft Graphics Component Memory Corruption Vulnerability."
Apache
Apache camel: CVE-2015-0263
vendor_apache·CVSS 5.0
CVE-2015-0263 [MEDIUM] Apache camel: CVE-2015-0263
Apache camel: CVE-2015-0263
2.13.0 up to 2.13.3, 2.14.0 up to 2.14.1 2.13.4, 2.14.2, 2.15.0 and newer MEDIUM The XML converter setup in Apache Camel allows remote attackers to read arbitrary files via an SAXSource containing an XML External Entity (XXE) declaration. 2014
Severity: medium
No detection rules found.
No public exploits indexed.
Talos
Microsoft Update Tuesday: February 2014, huge fix for Internet Explorer
blogs_talos·2014-02-11·CVSS 9.3
[CRITICAL] Microsoft Update Tuesday: February 2014, huge fix for Internet Explorer
The Microsoft Updates are pretty significant this month. Internet Explorer, which was missing from the updates for the first time in a long time last month is back with a whopping 24 vulnerabilities. Besides the IE bulletin, there’s six more bulletins, 4 of which are rated critical and 3 of which are rated important. All-in-all, this Update Tuesday provides fixes for 32 CVEs. The list of bulletins below is ordered by rating rather than number (i.e., the same ordering as used here: https://technet.microsoft.com/en-us/security/bulletin/ms14-feb).
The first bulletin, MS14-010, deals with IE and is rated critical and provides fixes for 24 CVEs. As is usual, most of the vulnerabilities are the result of use-after-free vulnerabilities. Most of the vulnerabilities were reported privately to Micr
Talos
Microsoft Update Tuesday: February 2014, huge fix for Internet Explorer
blogs_talos·2014-02-11·CVSS 9.3
[CRITICAL] Microsoft Update Tuesday: February 2014, huge fix for Internet Explorer
## Microsoft Update Tuesday: February 2014, huge fix for Internet Explorer
The Microsoft Updates are pretty significant this month. Internet Explorer, which was missing from the updates for the first time in a long time last month is back with a whopping 24 vulnerabilities. Besides the IE bulletin, there’s six more bulletins, 4 of which are rated critical and 3 of which are rated important. All-in-all, this Update Tuesday provides fixes for 32 CVEs. The list of bulletins below is ordered by rating rather than number (i.e., the same ordering as used here: https://technet.microsoft.com/en-us/security/bulletin/ms14-feb).
The first bulletin, MS14-010 , deals with IE and is rated critical and provides fixes for 24 CVEs. As is usual, most of the vulnerabilities are the result of use-after-free
Zscaler
Zscaler found Multiple Security Vulnerabilities | 02-11-2014
blogs_zscaler
Zscaler found Multiple Security Vulnerabilities | 02-11-2014
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
http://osvdb.org/103160http://secunia.com/advisories/56781http://www.securityfocus.com/bid/65393http://www.securitytracker.com/id/1029743https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-007http://osvdb.org/103160http://secunia.com/advisories/56781http://www.securityfocus.com/bid/65393http://www.securitytracker.com/id/1029743https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-007
2014-02-12
Published