CVE-2014-2780

2014-07-0822:55:06

CWE-264

[email protected]

web.nvd.nist.gov

cve

2014

2780

directshow

privilege escalation

windows vista

windows 7

windows 8

windows server

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.056 Low

EPSS

Percentile

93.3%

JSON

DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows local users to gain privileges by leveraging control over a low-integrity process to execute a crafted application, aka “DirectShow Elevation of Privilege Vulnerability.”

Affected configurations

NVD

Node

microsoftwindows_7Match-sp1

microsoftwindows_8Match-

microsoftwindows_8.1Match-

microsoftwindows_server_2008Match-sp2

microsoftwindows_server_2008Matchr2sp1x64

microsoftwindows_server_2012Match-

microsoftwindows_server_2012Matchr2

microsoftwindows_vistaMatch-sp2

CPENameOperatorVersion
microsoft:windows_7microsoft windows 7eq-
microsoft:windows_8microsoft windows 8eq-
microsoft:windows_8.1microsoft windows 8.1eq-
microsoft:windows_server_2008microsoft windows server 2008eq-
microsoft:windows_server_2008microsoft windows server 2008eqr2
microsoft:windows_server_2012microsoft windows server 2012eq-
microsoft:windows_server_2012microsoft windows server 2012eqr2
microsoft:windows_vistamicrosoft windows vistaeq-

CPE	Name	Operator	Version
microsoft:windows_7	microsoft windows 7	eq	-
microsoft:windows_8	microsoft windows 8	eq	-
microsoft:windows_8.1	microsoft windows 8.1	eq	-
microsoft:windows_server_2008	microsoft windows server 2008	eq	-
microsoft:windows_server_2008	microsoft windows server 2008	eq	r2
microsoft:windows_server_2012	microsoft windows server 2012	eq	-
microsoft:windows_server_2012	microsoft windows server 2012	eq	r2
microsoft:windows_vista	microsoft windows vista	eq	-