=====================================================================
                           CERT-Renater

                 Information Note No. 2014/VULN157
_____________________________________________________________________

DATE                 : 12/08/2014

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Windows version 7, 8, 8.1 running Windows
                       Media Center.

=====================================================================
KB2978742
https://technet.microsoft.com/library/security/ms14-043
_____________________________________________________________________

Microsoft Security Bulletin MS14-043 - Critical

Vulnerability in Windows Media Center Could Allow Remote Code
Execution (2978742)

Published: August 12, 2014
Version: 1.0

General Information

Executive Summary

This security update resolves a privately reported vulnerability in
Microsoft Windows. The vulnerability could allow remote code execution
if a user opens a specially crafted Microsoft Office file that invokes
Windows Media Center resources. An attacker who successfully exploited
this vulnerability could gain the same user rights as the current
user. Customers whose accounts are configured to have fewer user
rights on the system could be less impacted than those who operate
with administrative user rights.

This security update is rated Critical for all supported editions of
Windows Media Center TV Pack for Windows Vista, all supported editions
of Windows 7 except Starter and Home Basic editions, Windows Media
Center when installed on Windows 8 Professional edition, and Windows
Media Center when installed on Windows 8.1 Professional edition.

Affected Software

  Windows 7 for 32-bit Systems Service Pack 1 (all editions except
    Starter and Home Basic editions) (2978742)
  Windows 7 for x64-based Systems Service Pack 1 (all editions except
    Starter and Home Basic editions) (2978742)
  Windows 8 for 32-bit Systems (Professional edition only)
  Windows 8 for x64-based Systems (Professional edition only)
  Windows 8.1 for 32-bit Systems (Professional edition only)
  Windows 8.1 for x64-based Systems (Professional edition only)
  Windows Media Center TV Pack for Windows Vista (32-bit editions)
    (2978742)
  Windows Media Center TV Pack for Windows Vista (64-bit editions)
    (2978742)

Vulnerability Information

CSyncBasePlayer Use After Free Vulnerability - CVE-2014-4060

A remote code execution vulnerability exists in Windows Media Center,
which could be exploited by convincing a user to open a specially
crafted Microsoft Office file. To view this vulnerability as a
standard entry in the Common Vulnerabilities and Exposures list, see
CVE-2014-4060.

=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel  : 01-53-94-20-44         +
+ 23 - 25 Rue Daviel    | fax  : 01-53-94-20-41         +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================