CVE-2014-0301

Microsoft Windows - Memory Corruption

Title source: llm

Description

Double free vulnerability in qedit.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via a crafted JPEG image, aka "DirectShow Memory Corruption Vulnerability."

References (1)

[Patch, Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-013

Scores

EPSS 0.2135

EPSS Percentile 95.6%

Classification

CWE

CWE-415

Status draft

Affected Products (11)

microsoft/windows_7

microsoft/windows_8

microsoft/windows_8.1

microsoft/windows_server_2003

microsoft/windows_server_2008

microsoft/windows_server_2012

microsoft/windows_vista

microsoft/windows_xp

Timeline

Published Mar 12, 2014

Tracked Since Feb 18, 2026