Windows Media Player and Windows Media Center Error in Parsing '.dvr-ms' Files Lets Remote Users Execute Arbitrary Code - SecurityTracker

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Category: Application (Multimedia) > Windows Media Player

Vendors: Microsoft

Windows Media Player and Windows Media Center Error in Parsing '.dvr-ms' Files Lets Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1025169

SecurityTracker URL: http://securitytracker.com/id/1025169

CVE Reference: CVE-2011-0042 (Links to External Site)

Date: Mar 8 2011

Impact: Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Description: A vulnerability was reported in Windows Media Player and Windows Media Center. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted '.dvr-ms' file that, when loaded by the target user, will trigger a parsing error and execute arbitrary code on the target system. The code will run with the privileges of the target user.

Matthew Watchinski of Sourcefire VRT reported this vulnerability.

Impact: A remote user can create a '.dvr-ms' file that, when loaded by the target user, will execute arbitrary code on the target user's system.

Solution: The vendor has issued the following fixes:

Windows XP Media Center Edition 2005 Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=B1BE30DE-7E88-467D-AEE2-68F88E6A7355

Windows XP Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=D8284BFA-ED6C-4647-9FB0-588E53173775

Windows XP Professional x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=5270B5D3-3720-42A2-A8CF-67089C0CC658

Windows Vista Service Pack 1 and Windows Vista Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=F9F1DDE2-2219-4BF1-A497-EDD011577B96

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=E11D00DF-D1CF-4A33-A1BE-6721CDFF5995

Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=1BE77DAA-29B1-4DAE-A87F-2CB8F7E6A305

Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=56FB24CE-65C7-4573-B613-E424CCC1A3A6

Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=6F45658A-1DB8-4EF5-B840-4D0180D4D90E

Windows Media Center TV Pack for Windows Vista (32-bit editions:

http://www.microsoft.com/downloads/details.aspx?familyid=1BC240B3-1938-4350-B26F-67B81A79F8A0

Windows Media Center TV Pack for Windows Vista (64-bit editions:

http://www.microsoft.com/downloads/details.aspx?familyid=CD4C5A80-DB24-4696-A248-1286C3B9F550

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms11-015.mspx

Vendor URL: www.microsoft.com/technet/security/bulletin/ms11-015.mspx (Links to External Site)

Cause: Not specified

Underlying OS: Windows (2008), Windows (7), Windows (Vista), Windows (XP)

Message History: None.

Source Message Contents


[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
This web site uses cookies for web analytics. Learn More
Copyright 2021, SecurityGlobal.net LLC