Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
Microsoft MPEG Layer-3 Codecs Stack Overflow Lets Remote Users Execute Arbitary Code
|
|
SecurityTracker Alert ID: 1023848 |
|
SecurityTracker URL: http://securitytracker.com/id/1023848
|
|
CVE Reference:
CVE-2010-0480
(Links to External Site)
|
Date: Apr 13 2010
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 2000 SP4, 2003 SP2, XP SP3, Vista SP2, 2008 SP2; and prior service packs
|
Description:
A vulnerability was reported in Microsoft MPEG Layer-3 Codecs. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted AVI file containing an MPEG Layer-3 audio stream that, when loaded by the target user, will trigger a stack overflow and execute arbitrary code on the target system. The code will run with the privileges of the target user.
Yamata Li of Palo Alto Networks reported this vulnerability.
|
Impact:
A remote user can create an AVI file that, when loaded by the target user, will execute arbitrary code on the target user's system.
|
Solution:
The vendor has issued the following fixes:
Microsoft Windows 2000 Service Pack 4, MPEG Layer-3 codecs:
http://www.microsoft.com/downloads/details.aspx?familyid=F6394FC2-B9D0-46CF-9265-A0D4AEB1448F
Windows XP Service Pack 2 and Windows XP Service Pack 3, MPEG Layer-3 codecs:
http://www.microsoft.com/downloads/details.aspx?familyid=B1582A74-4A7B-4540-BEB1-7C89C86EAE87
Windows XP Professional x64 Edition Service Pack 2, MPEG Layer-3 codecs:
http://www.microsoft.com/downloads/details.aspx?familyid=8AFCA317-A647-44AA-A771-5D85CD5D62EA
Windows Server 2003 Service Pack 2, MPEG Layer-3 codecs:
http://www.microsoft.com/downloads/details.aspx?familyid=9F89746C-181E-4177-A851-EC1826E78B6D
Windows Server 2003 x64 Edition Service Pack 2, MPEG Layer-3 codecs:
http://www.microsoft.com/downloads/details.aspx?familyid=B97E7EA1-A163-4CE4-8CBC-5F933773C4B2
Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2, MPEG Layer-3 codecs:
http://www.microsoft.com/downloads/details.aspx?familyid=0E7140BB-42D3-48B3-9F4B-D55B17770DE8
Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2, MPEG Layer-3 codecs:
http://www.microsoft.com/downloads/details.aspx?familyid=B885AEF4-3A5D-4C3E-BEF6-5EFEF2965752
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2**, MPEG Layer-3 codecs:
http://www.microsoft.com/downloads/details.aspx?familyid=8E9C04C9-898F-4ED2-949D-F4343CC0D9F6
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2**, MPEG Layer-3 codecs:
http://www.microsoft.com/downloads/details.aspx?familyid=D6F2E1AE-48D3-4D2C-B329-32CFF00AFEE5
A restart may be required.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms10-026.mspx
|
Vendor URL: www.microsoft.com/technet/security/bulletin/ms10-026.mspx (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 13 Apr 2010 18:03:07 +0000
Subject: http://www.microsoft.com/technet/security/bulletin/ms10-026.mspx
|
Microsoft Security Bulletin MS10-026 - Critical: Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (977816)
CVE-2010-0480
|
|
Go to the Top of This SecurityTracker Archive Page
|
