Schweregrad: : Alto
  Identificador(es) CVE: : CVE-2014-6355
  Data do informe: 10 dezembro 2014


This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user browses to a website containing specially crafted JPEG content. An attacker could use this information disclosure vulnerability to gain information about the system that could then be combined with other attacks to compromise the system. The information disclosure vulnerability by itself does not allow arbitrary code execution. However, an attacker could use this information disclosure vulnerability in conjunction with another vulnerability to bypass security features such as Address Space Layout Randomization (ASLR).

  Exposição das informações

  Software infectado e versão:

  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Windows Server 2008 R2
  • Windows 8 and Windows 8.1
  • Windows Server 2012 and Windows Server 2012 R2
  • Windows RT and Windows RT 8.1
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) (3013126)
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) (3013126)
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (3013126)
  • Windows Server 2012 (Server Core installation) (3013126)
  • Windows Server 2012 R2 (Server Core installation) (3013126)