Skip to main content

Microsoft Windows Media Multiple Vulnerabilities

Last Update Date: 9 Mar 2011 09:54 Release Date: 9 Mar 2011 6032 Views

RISK: High Risk

TYPE: Clients - Audio & Video

TYPE: Audio & Video
  1. A remote code execution vulnerability exists in the way that Microsoft DirectShow handles the loading of DLL files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  2. A remote code execution vulnerability exists in the way that Windows Media Player and Windows Media Center handle .dvr-ms files. This vulnerability could allow an attacker to execute arbitrary code if the attacker convinces a user to open a specially crafted .dvr-ms file. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Impact

  • Remote Code Execution

System / Technologies affected

  • Windows XP Media Center Edition 2005 Service Pack 3
  • Windows XP Service Pack 3
  • Windows XP Professional x64 Edition Service Pack 2
  • Windows Vista Service Pack 1 and Windows Vista Service Pack 2
  • Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
  • Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1
  • Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Media Center TV Pack for Windows Vista (32-bit editions)
  • Windows Media Center TV Pack for Windows Vista (64-bit editions)

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier


Source


Related Link