Windows : Microsoft Bulletins : Microsoft Media Decompression Remote Code Execution Vulnerability (979902)

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.900246

Category: Windows : Microsoft Bulletins

Title: Microsoft Media Decompression Remote Code Execution Vulnerability (979902)

Summary: Check for the version of Directx, Media Format Runtime, Media Encoder and Hotfix

Description:

Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-033.

Vulnerability Insight:
An unspecified error exists while processing media files with a specially
crafted compression data. An attacker can exploit this vulnerability by
tricking a user to open a specially crafted media file.

Impact:
Successful exploitation will allow remote attackers to execute arbitrary
code.

Impact Level: System

Affected Software/OS:
DirectX, Windows Media Encoder 9 and COM component on,
Micorsoft Windows 7
Microsoft Windows 2000 SP4
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2K3 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 1/2 and prior.
Microsoft Windows Server 2008 Service Pack 1/2 and prior.

Windows Media Format Runtime 9 on,
Microsoft Windows 2000 SP4
Microsoft Windows XP Service Pack 3 and prior

Windows Media Format Runtime 9.5 on,
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2K3 Service Pack 2 and prior

Windows Media Format Runtime 11 on,
Microsoft Windows XP Service Pack 3 and prior

Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms10-033.mspx

References:
http://secunia.com/advisories/40058
http://www.microsoft.com/technet/security/bulletin/ms10-033.mspx

Cross-Ref: BugTraq ID: 40432
BugTraq ID: 40464
Common Vulnerability Exposure (CVE) ID: CVE-2010-1879
Microsoft Security Bulletin: MS10-033
http://www.microsoft.com/technet/security/bulletin/ms10-033.mspx
Cert/CC Advisory: TA10-159B
http://www.us-cert.gov/cas/techalerts/TA10-159B.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7517
Common Vulnerability Exposure (CVE) ID: CVE-2010-1880
http://osvdb.org/65222
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6641

Copyright Copyright (C) 2010 SecPod

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.900246
Category:	Windows : Microsoft Bulletins
Title:	Microsoft Media Decompression Remote Code Execution Vulnerability (979902)
Summary:	Check for the version of Directx, Media Format Runtime, Media Encoder and Hotfix
Description:	Overview: This host is missing a critical security update according to Microsoft Bulletin MS10-033. Vulnerability Insight: An unspecified error exists while processing media files with a specially crafted compression data. An attacker can exploit this vulnerability by tricking a user to open a specially crafted media file. Impact: Successful exploitation will allow remote attackers to execute arbitrary code. Impact Level: System Affected Software/OS: DirectX, Windows Media Encoder 9 and COM component on, Micorsoft Windows 7 Microsoft Windows 2000 SP4 Microsoft Windows XP Service Pack 3 and prior Microsoft Windows 2K3 Service Pack 2 and prior Microsoft Windows Vista Service Pack 1/2 and prior. Microsoft Windows Server 2008 Service Pack 1/2 and prior. Windows Media Format Runtime 9 on, Microsoft Windows 2000 SP4 Microsoft Windows XP Service Pack 3 and prior Windows Media Format Runtime 9.5 on, Microsoft Windows XP Service Pack 3 and prior Microsoft Windows 2K3 Service Pack 2 and prior Windows Media Format Runtime 11 on, Microsoft Windows XP Service Pack 3 and prior Fix: Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms10-033.mspx References: http://secunia.com/advisories/40058 http://www.microsoft.com/technet/security/bulletin/ms10-033.mspx
Cross-Ref:	BugTraq ID: 40432 BugTraq ID: 40464 Common Vulnerability Exposure (CVE) ID: CVE-2010-1879 Microsoft Security Bulletin: MS10-033 http://www.microsoft.com/technet/security/bulletin/ms10-033.mspx Cert/CC Advisory: TA10-159B http://www.us-cert.gov/cas/techalerts/TA10-159B.html http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7517 Common Vulnerability Exposure (CVE) ID: CVE-2010-1880 http://osvdb.org/65222 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6641
Copyright	Copyright (C) 2010 SecPod