CVE-2014-6355Sensitive Information Exposure in Microsoft Windows Server 2008

CWE-200Sensitive Information Exposure6 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
16.2%
top 5.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Windows Server 2008Microsoft Windows Server 2012
Timeline
PublishedDec 11
Latest updateMay 14

Description

The Graphics Component in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly process JPEG images, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Graphics Component Information Disclosure Vulnerability."

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

1
GHSA
GHSA-wh49-7w4q-47wh: The Graphics Component in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows2022-05-14

🕵️Threat Intelligence

3
Talos
Microsoft Patch Tuesday for December 2014: Light Month, Some Changes2014-12-09
Talos
Microsoft Patch Tuesday for December 2014: Light Month, Some Changes2014-12-09
Zscaler
Zscaler found Security Vulnerabilities in MS Exchange Server

📄Research Papers

1
arXiv
Detile: Fine-Grained Information Leak Detection in Script Engines2020-07-06