Microsoft Windows Media Multiple Remote Code Execution Vulnerabilities
RISK: High Risk
TYPE: Operating Systems - Windows OS
MIDI Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Windows Media Player. An attacker could exploit this vulnerability by constructing a specially crafted MIDI file that could allow remote code execution when played using Windows Media Player. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
DirectShow Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that Windows handles media files. This vulnerability could allow remote code execution if a user opens a specially crafted media file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Impact
- Remote Code Execution
System / Technologies affected
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
- Windows Server 2008 R2
- Windows Multimedia Library
- DirectShow
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Download location for patches:
http://technet.microsoft.com/en-us/security/bulletin/ms12-004
Vulnerability Identifier
Source
Related Link
Share with