PT-2010-3503 · Microsoft · Media Encoder+4

Published

2010-06-08

Updated

2018-10-12

CVE-2010-1879

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Windows Media Format Runtime versions 9 through 11 Media Encoder version 9

Description The issue allows remote attackers to execute arbitrary code via a media file with crafted compression data. This is related to an unspecified vulnerability in Quartz.dll for DirectShow and also affects the Asycfilt.dll COM component.

Recommendations For Windows Media Format Runtime versions 9 through 11, update to a version that contains a fix for this issue. For Media Encoder version 9, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting the use of media files with crafted compression data to minimize the risk of exploitation.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2010-1879

Affected Products

Asycfilt.Dll

Directshow

Media Encoder

Quartz.Dll

Windows Media Format Runtime

PT-2010-3503 · Microsoft · Media Encoder+4

CVE-2010-1879

Weakness Enumeration

Related Identifiers

Affected Products

References · 4