Windows : Microsoft Bulletins : Microsoft Media Decompression Remote Code Execution Vulnerability (2447961)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.900267

Categoría: Windows : Microsoft Bulletins

Título: Microsoft Media Decompression Remote Code Execution Vulnerability (2447961)

Resumen: This host is missing a critical security update according to; Microsoft Bulletin MS10-094.

Descripción: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS10-094.

Vulnerability Insight:
The flaw is present when the Windows Media Encoder incorrectly restricts
the path used for loading external libraries. An attacker could convince
a user to open a legitimate '.prx' file that is located in the same network
directory as a specially crafted dynamic link library (DLL) file.

Vulnerability Impact:
Successful exploitation will allow remote attackers to load crafted DLL
file and execute any code it contained.

Affected Software/OS:
- Microsoft Windows Media Encoder 9 with

- Microsoft Windows XP Service Pack 3 and prior

- Microsoft Windows 2003 Service Pack 2 and prior

- Microsoft Windows Vista Service Pack 1/2 and prior

- Microsoft Windows Server 2008 Service Pack 1/2 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-3965
BugTraq ID: 42855
http://www.securityfocus.com/bid/42855
Cert/CC Advisory: TA10-348A
http://www.us-cert.gov/cas/techalerts/TA10-348A.html
Microsoft Security Bulletin: MS10-094
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-094
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12235
http://www.securitytracker.com/id?1024876
http://www.vupen.com/english/advisories/2010/3217

Copyright Copyright (C) 2010 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.900267
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft Media Decompression Remote Code Execution Vulnerability (2447961)
Resumen:	This host is missing a critical security update according to; Microsoft Bulletin MS10-094.
Descripción:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS10-094. Vulnerability Insight: The flaw is present when the Windows Media Encoder incorrectly restricts the path used for loading external libraries. An attacker could convince a user to open a legitimate '.prx' file that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Vulnerability Impact: Successful exploitation will allow remote attackers to load crafted DLL file and execute any code it contained. Affected Software/OS: - Microsoft Windows Media Encoder 9 with - Microsoft Windows XP Service Pack 3 and prior - Microsoft Windows 2003 Service Pack 2 and prior - Microsoft Windows Vista Service Pack 1/2 and prior - Microsoft Windows Server 2008 Service Pack 1/2 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3965 BugTraq ID: 42855 http://www.securityfocus.com/bid/42855 Cert/CC Advisory: TA10-348A http://www.us-cert.gov/cas/techalerts/TA10-348A.html Microsoft Security Bulletin: MS10-094 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-094 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12235 http://www.securitytracker.com/id?1024876 http://www.vupen.com/english/advisories/2010/3217
Copyright	Copyright (C) 2010 Greenbone AG