9.3 - MS14-036

Executive Summary

Summary
Title	Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (2967487)

Informations
Name	MS14-036	First vendor Publication	2014-06-10
Vendor	Microsoft	Last vendor Modification	2014-08-12
Severity (Vendor)	Critical	Revision	2.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Severity Rating: Critical
Revision Note: V2.0 (August 12, 2014): Rereleased bulletin to announce the offering of update 2881071 to replace update 2767915 for systems running Microsoft Office 2010 Service Pack 1 or Microsoft Office 2010 Service Pack 2. See the Update FAQ for details.
Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Lync. The vulnerabilities could allow remote code execution if a user opens a specially crafted file or webpage. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Original Source

Url : https://technet.microsoft.com/en-us/library/security/MS14-036

CWE : Common Weakness Enumeration

%	Id	Name
50 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer
50 %	CWE-20	Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:24455

Oval ID:	oval:org.mitre.oval:def:24455
Title:	Remote code execution in Microsoft Office products (CVE-2014-1818) - MS14-036
Description:	GDI+ in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP1 and SP2, Live Meeting 2007 Console, Lync 2010 and 2013, Lync 2010 Attendee, and Lync Basic 2013 allows remote attackers to execute arbitrary code via a crafted EMF+ record in an image file, aka "GDI+ Image Parsing Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-1818	Version:	7
Platform(s):	Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Vista Microsoft Windows XP	Product(s):	Microsoft Lync 2010 Microsoft Live Meeting Console 2007 Microsoft Lync Basic 2013 Microsoft Office 2007 Microsoft Lync 2010 Attendee Microsoft Office 2010
Definition Synopsis:
server 2003/version x86/x64/ia-64 Microsoft Windows Server 2003 for Itanium is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND either file versions Check if the version of usp10.dll is less than 1.422.3790.5340 AND Check if the version of gdiplus.dll is less than 5.2.6002.23386 OR vista/2008/versions vista/2008 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND either file versions ldr range Check if the version of gdiplus.dll is less than 5.2.6002.23386 AND Check if the version of gdiplus.dll is greater than or equal to 5.2.6002.23000 AND Check if the version of gdiplus.dll is less than 5.2.6002.19096 AND Check if the version of usp10.dll is less than 1.626.6002.19096 OR ldr range Check if the version of usp10.dll is less than 1.626.6002.23386 AND Check if the version of Usp10.dll is greater than or equal to 1.626.6002.23000 OR win 7/2008 r2/versions win 7/2008 r2 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND either file versions Check if the version of usp10.dll is less than 1.626.7601.18454 AND Check if the version of gdiplus.dll is less than 6.1.7601.18455 OR ldr range Check if the version of usp10.dll is less than 1.626.7601.22666 AND Check if the version of usp10.dll is greater than or equal to 1.626.7601.22000 OR ldr range Check if the version of gdiplus.dll is less than 6.1.7601.22667 AND Check if the version of Gdiplus.dll is greater than or equal to 6.1.7601.22000 OR win 8/2012/versions win 8/2012 Microsoft Windows 8 (x86) is installed AND Microsoft Windows 8 (x64) is installed AND Microsoft Windows Server 2012 is installed AND gdr/ldr Check if the version of gdi32.dll is less than 6.2.9200.16909 OR ldr range Check if the version of gdi32.dll is less than 6.2.9200.21032 AND Check if the version of gdi32.dll is greater than or equal to 6.2.9200.21000 OR win 8.1/2012 r2/versions win 8.1/2012 r2 Microsoft Windows 8.1 (x86) is installed AND Microsoft Windows 8.1 (x64) is installed AND Microsoft Windows Server 2012 R2 is installed AND either file versions Check if the version of gdi32.dll is less than 6.3.9600.17111 AND Check if the version of dwrite.dll is less than 6.3.9600.17111 OR office 2007/version Microsoft Office 2007 SP3 is installed AND either versions Check if the version of Ogl.dll is less than 12.0.6700.5000 AND Check if the version of usp10.dll is less than 1.626.6002.23386 OR office 2010/version either file versions Check if the version of Ogl.dll is less than 14.0.7125.5000 OR server 2003/file Check if the version of usp10.dll is less than 1.626.7601.22666 AND Microsoft Windows Server 2003 for Itanium is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 for Itanium is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND 2010 sp1/sp2 Microsoft Office 2010 SP1 is installed AND Microsoft Office 2010 SP2 is installed OR lync 2010/version Microsoft Lync 2010 is installed AND Check if the version of Ogl.dll (Lync 2010) is less than 4.0.7577.4446 OR lync 2010 attendee (user)/version Microsoft Lync 2010 Attendee (user level install) is installed AND Check if the version of Ogl.dll (user level) is less than 4.0.7577.4446 OR lync 2010 attendee (admin)/version Microsoft Lync 2010 Attendee (admin level install) is installed AND Check if the version of Ogl.dll (admin level) is less than 4.0.7577.4446 OR lync basic 2013/version basic 2013/sp1 Microsoft Lync Basic 2013 is installed AND Microsoft Lync Basic 2013 SP1 is installed AND Check if the version of OCAPIRES.DLL is less than 15.0.4569.1000 OR live meeting 2007/version Microsoft Live Meeting 2007 Console is installed AND Check if the version of Collaborate.dll is less than 8.0.6362.264

Definition Id: oval:org.mitre.oval:def:24885

Oval ID:	oval:org.mitre.oval:def:24885
Title:	Remote code execution in Microsoft Office products (CVE-2014-1817) - MS14-036
Description:	usp10.dll in Uniscribe (aka the Unicode Script Processor) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP1 and SP2, Live Meeting 2007 Console, Lync 2010 and 2013, Lync 2010 Attendee, and Lync Basic 2013 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted EMF+ record in a font file, aka "Unicode Scripts Processor Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-1817	Version:	7
Platform(s):	Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Vista Microsoft Windows XP	Product(s):	Microsoft Lync 2010 Microsoft Live Meeting Console 2007 Microsoft Lync Basic 2013 Microsoft Office 2007 Microsoft Lync 2010 Attendee Microsoft Office 2010
Definition Synopsis:
server 2003/version x86/x64/ia-64 Microsoft Windows Server 2003 for Itanium is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND either file versions Check if the version of usp10.dll is less than 1.422.3790.5340 AND Check if the version of gdiplus.dll is less than 5.2.6002.23386 OR vista/2008/versions vista/2008 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND either file versions ldr range Check if the version of gdiplus.dll is less than 5.2.6002.23386 AND Check if the version of gdiplus.dll is greater than or equal to 5.2.6002.23000 AND Check if the version of gdiplus.dll is less than 5.2.6002.19096 AND Check if the version of usp10.dll is less than 1.626.6002.19096 OR ldr range Check if the version of usp10.dll is less than 1.626.6002.23386 AND Check if the version of Usp10.dll is greater than or equal to 1.626.6002.23000 OR win 7/2008 r2/versions win 7/2008 r2 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND either file versions Check if the version of usp10.dll is less than 1.626.7601.18454 AND Check if the version of gdiplus.dll is less than 6.1.7601.18455 OR ldr range Check if the version of usp10.dll is less than 1.626.7601.22666 AND Check if the version of usp10.dll is greater than or equal to 1.626.7601.22000 OR ldr range Check if the version of gdiplus.dll is less than 6.1.7601.22667 AND Check if the version of Gdiplus.dll is greater than or equal to 6.1.7601.22000 OR win 8/2012/versions win 8/2012 Microsoft Windows 8 (x86) is installed AND Microsoft Windows 8 (x64) is installed AND Microsoft Windows Server 2012 is installed AND gdr/ldr Check if the version of gdi32.dll is less than 6.2.9200.16909 OR ldr range Check if the version of gdi32.dll is less than 6.2.9200.21032 AND Check if the version of gdi32.dll is greater than or equal to 6.2.9200.21000 OR win 8.1/2012 r2/versions win 8.1/2012 r2 Microsoft Windows 8.1 (x86) is installed AND Microsoft Windows 8.1 (x64) is installed AND Microsoft Windows Server 2012 R2 is installed AND either file versions Check if the version of gdi32.dll is less than 6.3.9600.17111 AND Check if the version of dwrite.dll is less than 6.3.9600.17111 OR office 2007/version Microsoft Office 2007 SP3 is installed AND either versions Check if the version of usp10.dll is less than 1.626.6002.23386 AND Check if the version of Ogl.dll is less than 12.0.6700.5000 OR office 2010/version either file versions Check if the version of Ogl.dll is less than 14.0.7125.5000 OR server 2003/file Check if the version of usp10.dll is less than 1.626.7601.22666 AND either os Microsoft Windows Server 2003 for Itanium is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 for Itanium is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND 2010 sp1/sp2 Microsoft Office 2010 SP1 is installed AND Microsoft Office 2010 SP2 is installed OR lync 2010/version Microsoft Lync 2010 is installed AND Check if the version of Ogl.dll (Lync 2010) is less than 4.0.7577.4446 OR lync 2010 attendee (user)/version Microsoft Lync 2010 Attendee (user level install) is installed AND Check if the version of Ogl.dll (user level) is less than 4.0.7577.4446 OR lync 2010 attendee (admin)/version Microsoft Lync 2010 Attendee (admin level install) is installed AND Check if the version of Ogl.dll (admin level) is less than 4.0.7577.4446 OR lync basic 2013/version basic 2013/sp1 Microsoft Lync Basic 2013 is installed AND Microsoft Lync Basic 2013 SP1 is installed AND Check if the version of OCAPIRES.DLL is less than 15.0.4569.1000 OR live meeting 2007/version Microsoft Live Meeting 2007 Console is installed AND Check if the version of Collaborate.dll is less than 8.0.6362.264

CPE : Common Platform Enumeration

Type	Description	Count
Os	Microsoft Windows 7 cpe:2.3:o:microsoft:windows_7:-:sp1::::::	1
Os	Microsoft Windows 8 cpe:2.3:o:microsoft:windows_8:-:::::::*	1
Os	Microsoft Windows 8.1 cpe:2.3:o:microsoft:windows_8.1:-:::::::*	1
Os	Microsoft Windows Rt cpe:2.3:o:microsoft:windows_rt:-:::::::*	1
Os	Microsoft Windows Rt 8.1 cpe:2.3:o:microsoft:windows_rt_8.1:-:::::::*	1
Os	Microsoft Windows Server 2003 cpe:2.3:o:microsoft:windows_server_2003:-:sp2::::::	1
Os	Microsoft Windows Server 2008 cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::x64:* cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::itanium:* cpe:2.3:o:microsoft:windows_server_2008:-:sp2::::::	3
Os	Microsoft Windows Server 2012 cpe:2.3:o:microsoft:windows_server_2012:r2:::::::* cpe:2.3:o:microsoft:windows_server_2012:-:::::::*	2
Os	Microsoft Windows Vista cpe:2.3:o:microsoft:windows_vista:-:sp2::::::	1

Information Assurance Vulnerability Management (IAVM)

Date	Description
2014-06-12	IAVM : 2014-A-0080 - Multiple Vulnerabilities in Microsoft Graphics Component Severity : Category II - VMSKEY : V0052491

Nessus® Vulnerability Scanner

Date	Description
2014-06-11	Name : The remote Windows host is affected by multiple remote code execution vulnera... File : smb_nt_ms14-036.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2018-10-13 05:21:17	Multiple Updates
2016-09-09 21:24:35	Multiple Updates
2016-04-27 02:06:18	Multiple Updates
2014-08-12 21:29:07	Multiple Updates
2014-08-12 21:17:01	Multiple Updates
2014-07-29 00:25:11	Multiple Updates
2014-07-29 00:16:11	Multiple Updates
2014-06-17 21:28:33	Multiple Updates
2014-06-17 21:17:06	Multiple Updates
2014-06-16 05:23:18	Multiple Updates
2014-06-11 21:28:07	Multiple Updates
2014-06-11 13:24:42	Multiple Updates
2014-06-11 09:25:43	Multiple Updates
2014-06-10 21:28:13	Multiple Updates
2014-06-10 21:18:23	First insertion

Global Informations

Type	Count
CWE ID(s)	2
Oval ID(s)	2
CPE ID(s)	12
IAVM(s)	1
Nessus® Exploit(s)	1

	Related
10	MS14-066
10	MS14-057
10	MS14-037
10	MS14-035
10	MS14-026
10	MS14-021
10	MS14-008
9.3	MS16-148
9.3	MS16-097
9.3	MS15-130
9.3	MS15-097
9.3	MS15-044
9.3	MS14-084
9.3	MS14-083
9.3	MS14-082
9.3	MS14-081
9.3	MS14-080
9.3	MS14-078
9.3	MS14-072
9.3	MS14-069
9.3	MS14-067
9.3	MS14-065
9.3	MS14-064
9.3	MS14-061
9.3	MS14-060
9.3	MS14-058
9.3	MS14-056
9.3	MS14-052
9.3	MS14-051
9.3	MS14-050
9.3	MS14-048
9.3	MS14-038
9.3	MS14-034
9.3	MS14-029
9.3	MS14-023
9.3	MS14-020
9.3	MS14-018
9.3	MS14-017
9.3	MS14-013
9.3	MS14-012
9.3	MS14-011
9.3	MS14-010
9.3	MS14-009
9.3	MS14-007
9.3	MS14-001
9.3	MS13-096
9.3	MS13-089
9.3	MS13-060
9.3	MS13-054
9.3	MS10-063
9.3	CVE-2014-1818
9.3	CVE-2014-1817
9	MS14-068
9	MS14-025
9	MS14-022
7.8	MS14-006
7.6	MS14-039
7.5	MS14-047
7.2	MS15-072
7.2	MS14-070
7.2	MS14-063
7.2	MS14-062
7.2	MS14-054
7.2	MS14-049
7.2	MS14-045
7.2	MS14-040
7.2	MS14-027
7.2	MS14-015
7.2	MS14-003
7.2	MS14-002
7.1	MS14-079
7.1	MS14-014
7.1	MS14-005
6.9	MS14-041
6.9	MS14-019
6.8	MS14-044
6.8	MS14-043
6.8	MS14-024
5.4	MS14-016
5.1	MS14-076
5.1	MS14-030
5	MS14-085
5	MS14-077
5	MS14-075
5	MS14-055
5	MS14-053
5	MS14-031
5	MS14-028
4.3	MS14-074
4.3	MS14-073
4.3	MS14-071
4.3	MS14-059
4.3	MS14-046
4.3	MS14-033
4.3	MS14-032
4	MS14-042
4	MS14-004
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 97 more Alert(s)

9.3 - MS14-036

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Information Assurance Vulnerability Management (IAVM)

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU