SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   Windows Media Player Vendors:   Microsoft
Windows Media Player and Windows Media Center Error in Parsing '.dvr-ms' Files Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1025169
SecurityTracker URL:  http://securitytracker.com/id/1025169
CVE Reference:   CVE-2011-0042   (Links to External Site)
Date:  Mar 8 2011
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Windows Media Player and Windows Media Center. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted '.dvr-ms' file that, when loaded by the target user, will trigger a parsing error and execute arbitrary code on the target system. The code will run with the privileges of the target user.

Matthew Watchinski of Sourcefire VRT reported this vulnerability.

Impact:   A remote user can create a '.dvr-ms' file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued the following fixes:

Windows XP Media Center Edition 2005 Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=B1BE30DE-7E88-467D-AEE2-68F88E6A7355

Windows XP Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=D8284BFA-ED6C-4647-9FB0-588E53173775

Windows XP Professional x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=5270B5D3-3720-42A2-A8CF-67089C0CC658

Windows Vista Service Pack 1 and Windows Vista Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=F9F1DDE2-2219-4BF1-A497-EDD011577B96

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=E11D00DF-D1CF-4A33-A1BE-6721CDFF5995

Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=1BE77DAA-29B1-4DAE-A87F-2CB8F7E6A305

Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=56FB24CE-65C7-4573-B613-E424CCC1A3A6

Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=6F45658A-1DB8-4EF5-B840-4D0180D4D90E

Windows Media Center TV Pack for Windows Vista (32-bit editions:

http://www.microsoft.com/downloads/details.aspx?familyid=1BC240B3-1938-4350-B26F-67B81A79F8A0

Windows Media Center TV Pack for Windows Vista (64-bit editions:

http://www.microsoft.com/downloads/details.aspx?familyid=CD4C5A80-DB24-4696-A248-1286C3B9F550

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms11-015.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms11-015.mspx (Links to External Site)
Cause:   Not specified
Underlying OS:  Windows (2008), Windows (7), Windows (Vista), Windows (XP)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC