Oval Definition:oval:org.mitre.oval:def:25213
Revision Date:2014-08-18Version:47
Title:Win32k Elevation of Privilege Vulnerability - CVE-2014-2781 (MS14-039)
Description:Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly restrict the exchange of keyboard and mouse data between programs at different integrity levels, which allows attackers to bypass intended access restrictions by leveraging control over a low-integrity process to launch the On-Screen Keyboard (OSK) and then upload a crafted application, aka "On-Screen Keyboard Elevation of Privilege Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2014-2781
Platform(s):Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Product(s):
Definition Synopsis
  • Vista / 2k8 + vulnerable file version
  • Vista / 2K8
  • Microsoft Windows Vista (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Vista x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
  • AND Check for vulnerable version
  • Check if the version of win32k.sys is less than 6.0.6002.19119
  • OR Check for LDR
  • Check if the version of Win32k.sys is greater than or equal to 6.0.6002.23000
  • AND Check if the version of win32k.sys is less than 6.0.6002.23420
  • OR Win 7 / R2 + vulnerable file version
  • Win 7 / R2
  • Microsoft Windows 7 (32-bit) Service Pack 1 is installed
  • OR Microsoft Windows 7 x64 Service Pack 1 is installed
  • OR Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed
  • OR Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed
  • AND Check for vulnerable version
  • Check if the version of win32k.sys is less than 6.1.7601.18512
  • OR Check for LDR
  • Check if the version of Win32k.sys is greater than or equal to 6.1.7601.22000
  • AND Check if the version of win32k.sys is less than 6.1.7601.22722
  • OR Win 8/2k12 and vulnerable file version
  • Win 8 / 2k12
  • Microsoft Windows 8 (x86) is installed
  • OR Microsoft Windows 8 (x64) is installed
  • OR Microsoft Windows Server 2012 (64-bit) is installed
  • AND Check for vulnerable version
  • Check if the version of win32k.sys is less than 6.2.9200.17025
  • OR Check for LDR
  • Check if the version of Win32k.sys is greater than or equal to 6.2.9200.21000
  • AND Check if the version of Win32k.sys is less than 6.2.9200.21142
  • OR Win 8.1 / 2K12 R2and vulnerable file version
  • Win 8.1 / 2k12 R2
  • Microsoft Windows 8.1 (x86) is installed
  • OR Microsoft Windows 8.1 (x64) is installed
  • OR Microsoft Windows Server 2012 R2 is installed
  • AND Check for with update and without update
  • Check if the version of win32k.sys is less than 6.3.9600.16671
  • OR kb2973201 and kb2919355
  • Check if the version of Win32k.sys is greater than or equal to 6.3.9600.17031
  • AND Check if the version of Win32k.sys is less than 6.3.9600.17200
    • BACK