SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   Windows Media Services Vendors:   Microsoft
Windows Media Parsing Flaws Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1035200
SecurityTracker URL:  http://securitytracker.com/id/1035200
CVE Reference:   CVE-2016-0098, CVE-2016-0101   (Links to External Site)
Date:  Mar 8 2016
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 7 SP1, 2008 R2 SP1, 8.1, 2012, 2012 R2, RT 8.1, 10; and prior service packs
Description:   Two vulnerabilities were reported in Windows Media. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create specially crafted media content that, when loaded by the target user, will execute arbitrary code on the target user's system.

Bruno Martinez reported these vulnerabilities.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued a fix.

Windows 7 for 32-bit Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=be236751-4891-4304-b6dd-cc6297736cf9

https://www.microsoft.com/downloads/details.aspx?familyid=276a6867-b35e-4eab-a348-2a3d47c8f807

Windows 7 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=74d3bebb-4c2b-41ab-b564-5f4e51f82df6

https://www.microsoft.com/downloads/details.aspx?familyid=09b2b248-47eb-48c7-b529-088ba6b4b5fc

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=f231c5c2-a61b-47da-8610-1cfd1c88f657

https://www.microsoft.com/downloads/details.aspx?familyid=23428916-a5a5-4498-a94c-ada6fa41d8ab

Windows 8.1 for 32-bit Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=fadd68e2-82fa-470e-a19f-d117d7987349

https://www.microsoft.com/downloads/details.aspx?familyid=a4888e7c-4277-4ec2-a349-bd5cab342ea7

Windows 8.1 for x64-based Systems:

https://www.microsoft.com/downloads/details.aspx?familyid=32e170dc-4986-4cea-9d55-32b5f21acaab

https://www.microsoft.com/downloads/details.aspx?familyid=1468814b-278e-4502-9d6b-827b7850a800

Windows Server 2012:

https://www.microsoft.com/downloads/details.aspx?familyid=28bb6d1f-6ef5-4499-8637-b3b51754f3ce

https://www.microsoft.com/downloads/details.aspx?familyid=a154fdfe-3804-4b11-a602-705bd9945c64

Windows Server 2012 R2:

https://www.microsoft.com/downloads/details.aspx?familyid=bf554504-ce1e-4fb9-b833-94a86c86922a

https://www.microsoft.com/downloads/details.aspx?familyid=6a275477-2109-4175-9758-e1104d8876bc

The Microsoft advisory is available at:

https://technet.microsoft.com/library/security/ms16-027

Vendor URL:  technet.microsoft.com/library/security/ms16-027 (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (2008), Windows (2012), Windows (7), Windows (8), Windows (10)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC