PT-2010-3503 · Microsoft · Media Encoder+4

Publicado

2010-06-08

Atualizado

2018-10-12

CVE-2010-1879

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Windows Media Format Runtime versions 9 through 11 Media Encoder version 9

Description The issue allows remote attackers to execute arbitrary code via a media file with crafted compression data. This is related to an unspecified vulnerability in Quartz.dll for DirectShow and also affects the Asycfilt.dll COM component.

Recommendations For Windows Media Format Runtime versions 9 through 11, update to a version that contains a fix for this issue. For Media Encoder version 9, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting the use of media files with crafted compression data to minimize the risk of exploitation.

Correção

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2010-1879

Produtos afetados

Asycfilt.Dll

Directshow

Media Encoder

Quartz.Dll

Windows Media Format Runtime

PT-2010-3503 · Microsoft · Media Encoder+4

CVE-2010-1879

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4