SecurityTracker.com
Category:   OS (Microsoft)  >   Windows DLL (Any)
Vendors:   Microsoft
Windows Media Decompression Components Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1024069
SecurityTracker URL:  http://securitytracker.com/id?1024069
CVE Reference:   CVE-2010-1879, CVE-2010-1880
Date:  Jun 8 2010
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2000 SP4, 2003 SP2, Vista SP2, 2008 SP2, 2008 R2, XP SP3, 7; and prior service packs
Description:   A vulnerability was reported in Windows Media Decompression components. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted media file (or streaming content) that, when loaded by the target user, will execute arbitrary code on the target system [CVE-2010-1879]. The code will run with the privileges of the target user.

MJPEG processing is also affected [CVE-2010-1880].

Microsoft DirectX and Microsoft DirectShow components are affected.

Yamata Li of Palo Alto Networks reported this vulnerability.

Impact:   A remote user can create a file or content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued the following fixes:

Microsoft Windows 2000 Service Pack 4, Quartz.dll (DirectShow) (DirectX 9):

http://www.microsoft.com/downloads/details.aspx?familyid=A51C53BD-F9C1-4D53-8ED2-034FD57BC75A

Microsoft Windows 2000 Service Pack 4, Windows Media Format Runtime 9:

http://www.microsoft.com/downloads/details.aspx?familyid=8417C0AC-BB6D-48F1-8237-77A4BDD8CCB2

Microsoft Windows 2000 Service Pack 4, Windows Media Encoder 9 x86:

http://www.microsoft.com/downloads/details.aspx?familyid=5B5398C1-5B30-4162-95B6-948D9BE103BF

Microsoft Windows 2000 Service Pack 4, Asycfilt.dll (COM component):

http://www.microsoft.com/downloads/details.aspx?familyid=1F929739-08A1-4FAF-9CCF-5F1F43C5BB9E

Windows XP Service Pack 2 and Windows XP Service Pack 3, Quartz.dll (DirectShow):

http://www.microsoft.com/downloads/details.aspx?familyid=E77D5AF8-E8E0-425C-A809-4CF274E17CC5

Windows XP Service Pack 2, Windows Media Format Runtime 9, Windows Media Format Runtime 9.5 and Windows Media Format Runtime 11:

http://www.microsoft.com/downloads/details.aspx?familyid=BF8B9B46-BA28-4F48-9DAC-6A90B7D592D3

Windows XP Service Pack 3, Windows Media Format Runtime 9, Windows Media Format Runtime 9.5 and Windows Media Format Runtime 11:

http://www.microsoft.com/downloads/details.aspx?familyid=EBBCCD82-C637-4C88-86EA-D39AE713C085

Windows XP Service Pack 2 and Windows XP Service Pack 3, Windows Media Encoder 9 x86:

http://www.microsoft.com/downloads/details.aspx?familyid=5B5398C1-5B30-4162-95B6-948D9BE103BF

Windows XP Service Pack 2 and Windows XP Service Pack 3, Asycfilt.dll (COM component):

http://www.microsoft.com/downloads/details.aspx?familyid=55C05CB8-AA6C-460B-9AA7-084842DAB280

Windows XP Professional x64 Edition Service Pack 2, Quartz.dll (DirectShow):

http://www.microsoft.com/downloads/details.aspx?familyid=7914FDAE-9A7A-4A10-8CE7-C621EB903452

Windows XP Professional x64 Edition Service Pack 2, Windows Media Format Runtime 9.5:

http://www.microsoft.com/downloads/details.aspx?familyid=B56839E3-E7D3-48DA-B90C-D403D8DBEED2

Windows XP Professional x64 Edition Service Pack 2, Windows Media Encoder 9 x86:

http://www.microsoft.com/downloads/details.aspx?familyid=94C654F0-F70F-4FBD-84DE-797BE20FC3B9

Windows XP Professional x64 Edition Service Pack 2, Asycfilt.dll (COM component):

http://www.microsoft.com/downloads/details.aspx?familyid=C110D26E-9A1E-4E47-9CE2-4068F2733A2F

Windows Server 2003 Service Pack 2, Quartz.dll (DirectShow):

http://www.microsoft.com/downloads/details.aspx?familyid=FC15C43B-D48F-4872-8F9D-ED973170DB9A

Windows Server 2003 Service Pack 2, Windows Media Format Runtime 9.5:

http://www.microsoft.com/downloads/details.aspx?familyid=BB580E94-8C02-46F1-B7F6-E7D4373CB1C5

Windows Server 2003 Service Pack 2, Windows Media Encoder 9 x86:

http://www.microsoft.com/downloads/details.aspx?familyid=5B5398C1-5B30-4162-95B6-948D9BE103BF

Windows Server 2003 Service Pack 2, Asycfilt.dll (COM component):

http://www.microsoft.com/downloads/details.aspx?familyid=0DDF95AC-DD49-4CB1-B6F6-BD4E987B0F06

Windows Server 2003 x64 Edition Service Pack 2, Quartz.dll (DirectShow):

http://www.microsoft.com/downloads/details.aspx?familyid=D28ECDF7-9FD4-437E-9DB7-C6B579248ABE

Windows Server 2003 x64 Edition Service Pack 2, Windows Media Format Runtime 9.5:

http://www.microsoft.com/downloads/details.aspx?familyid=41FAF16F-C7A8-4CE0-B388-A65478576163

Windows Server 2003 x64 Edition Service Pack 2, Windows Media Encoder 9 x86:

http://www.microsoft.com/downloads/details.aspx?familyid=94C654F0-F70F-4FBD-84DE-797BE20FC3B9

Windows Server 2003 x64 Edition Service Pack 2, Asycfilt.dll (COM component):

http://www.microsoft.com/downloads/details.aspx?familyid=77B1D55C-B015-4863-AAB0-6463B90D4BF7

Windows Server 2003 with SP2 for Itanium-based Systems, Quartz.dll (DirectShow):

http://www.microsoft.com/downloads/details.aspx?familyid=7F101F4C-DCC8-474C-A844-FE0C45D6697C

Windows Server 2003 with SP2 for Itanium-based Systems, Asycfilt.dll (COM component):

http://www.microsoft.com/downloads/details.aspx?familyid=F34BC115-022B-46B0-9517-806BD0FC73C5

Windows Vista Service Pack 1, Quartz.dll (DirectShow):

http://www.microsoft.com/downloads/details.aspx?familyid=B64107F2-990A-42DF-A75A-5BF371709FD6

Windows Vista Service Pack 1 and Windows Vista Service Pack 2, Asycfilt.dll (COM component):

http://www.microsoft.com/downloads/details.aspx?familyid=75E4C9CB-A55A-4E2A-9C97-60A40353CAE3

Windows Vista Service Pack 1 and Windows Vista Service Pack 2, Windows Media Encoder 9 x86:

http://www.microsoft.com/downloads/details.aspx?familyid=9FAB91DA-1528-4DF9-A2DD-90E57A3C24CF

Windows Vista x64 Edition Service Pack 1, Quartz.dll (DirectShow):

http://www.microsoft.com/downloads/details.aspx?familyid=0754ADDB-2F04-45C9-8594-174B8B8B297C

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2, Asycfilt.dll (COM component):

http://www.microsoft.com/downloads/details.aspx?familyid=C9F033F6-F587-494D-B968-1316F1DEED06

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2, Windows Media Encoder 9 x86:

http://www.microsoft.com/downloads/details.aspx?familyid=63bba49e-6d80-47b3-b109-fa9b2392af4f

Windows Server 2008 for 32-bit Systems, Quartz.dll (DirectShow):

http://www.microsoft.com/downloads/details.aspx?familyid=18FD814B-51F3-470B-A5BD-97BE752298D9

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2, Asycfilt.dll (COM component):

http://www.microsoft.com/downloads/details.aspx?familyid=5C5E2DFC-0078-4F2A-9C2E-75E45BB7638E

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Media Encoder 9 x86:

http://www.microsoft.com/downloads/details.aspx?familyid=1ce1e47f-b1c3-4480-bafd-74f8b12e2171

Windows Server 2008 for x64-based Systems, Quartz.dll (DirectShow):

http://www.microsoft.com/downloads/details.aspx?familyid=4E40DA51-23EE-44F0-9EA0-99BDA8CCA731

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2, Asycfilt.dll (COM component):

http://www.microsoft.com/downloads/details.aspx?familyid=BFC0B62C-2D79-48DD-896F-D05057C02E8C

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2, Windows Media Encoder 9 x86:

http://www.microsoft.com/downloads/details.aspx?familyid=93cc5ace-6382-4a2f-875b-9348b7e198a6

Windows Server 2008 for Itanium-based Systems, Quartz.dll (DirectShow):

http://www.microsoft.com/downloads/details.aspx?familyid=120C68F5-4575-4E2A-912A-EED52736C403

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2, Asycfilt.dll (COM component):

http://www.microsoft.com/downloads/details.aspx?familyid=6E5753AB-848D-475F-917D-BA70F70B65F5

Windows 7 for 32-bit Systems, Asycfilt.dll (COM component):

http://www.microsoft.com/downloads/details.aspx?familyid=63567E99-087D-4804-953A-F23BDEBA7772

Windows 7 for x64-based Systems, Asycfilt.dll (COM component):

http://www.microsoft.com/downloads/details.aspx?familyid=6C261DBF-14C6-4071-8523-E8BA8059FA54

Windows Server 2008 R2 for x64-based Systems, Asycfilt.dll (COM component):

http://www.microsoft.com/downloads/details.aspx?familyid=1331F2BC-7479-4BE7-A413-52AFB488A330

Windows Server 2008 R2 for Itanium-based Systems, Asycfilt.dll (COM component):

http://www.microsoft.com/downloads/details.aspx?familyid=7A1EE54F-3F73-4557-9071-5AF236E70937

A restart may be required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms10-033.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms10-033.mspx
Cause:   Access control error
Underlying OS:  

Message History:   None.


 Source Message Contents

Date:  Tue, 08 Jun 2010 17:28:35 +0000
Subject:  http://www.microsoft.com/technet/security/bulletin/ms10-033.mspx


Microsoft Security Bulletin MS10-033 - Critical: Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)

CVE-2010-1879
CVE-2010-1880
 
 



Copyright 2010, SecurityGlobal.net LLC