Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via crafted packets, aka "Microsoft Schannel Remote Code Execution Vulnerability."
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
| Link | Tags |
|---|---|
| http://www.us-cert.gov/ncas/alerts/TA14-318A | third party advisory us government resource |
| http://blog.beyondtrust.com/triggering-ms14-066 | third party advisory exploit |
| http://secunia.com/advisories/59800 | third party advisory |
| http://marc.info/?l=bugtraq&m=142384364031268&w=2 | mailing list exploit third party advisory vendor advisory |
| http://www.securityfocus.com/bid/70954 | vdb entry third party advisory |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-066 | patch vendor advisory |
| http://www.securitysift.com/exploiting-ms14-066-cve-2014-6321-aka-winshock/ | third party advisory exploit |
| http://www.kb.cert.org/vuls/id/505120 | third party advisory us government resource |