Windows : Microsoft Bulletins : Microsoft Media Decompression Remote Code Execution Vulnerability (2447961)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.900267

Kategorie: Windows : Microsoft Bulletins

Titel: Microsoft Media Decompression Remote Code Execution Vulnerability (2447961)

Zusammenfassung: This host is missing a critical security update according to; Microsoft Bulletin MS10-094.

Beschreibung: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS10-094.

Vulnerability Insight:
The flaw is present when the Windows Media Encoder incorrectly restricts
the path used for loading external libraries. An attacker could convince
a user to open a legitimate '.prx' file that is located in the same network
directory as a specially crafted dynamic link library (DLL) file.

Vulnerability Impact:
Successful exploitation will allow remote attackers to load crafted DLL
file and execute any code it contained.

Affected Software/OS:
- Microsoft Windows Media Encoder 9 with

- Microsoft Windows XP Service Pack 3 and prior

- Microsoft Windows 2003 Service Pack 2 and prior

- Microsoft Windows Vista Service Pack 1/2 and prior

- Microsoft Windows Server 2008 Service Pack 1/2 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: BugTraq ID: 42855
Common Vulnerability Exposure (CVE) ID: CVE-2010-3965
http://www.securityfocus.com/bid/42855
Cert/CC Advisory: TA10-348A
http://www.us-cert.gov/cas/techalerts/TA10-348A.html
Microsoft Security Bulletin: MS10-094
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-094
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12235
http://www.securitytracker.com/id?1024876
http://www.vupen.com/english/advisories/2010/3217

Copyright Copyright (C) 2010 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.900267
Kategorie:	Windows : Microsoft Bulletins
Titel:	Microsoft Media Decompression Remote Code Execution Vulnerability (2447961)
Zusammenfassung:	This host is missing a critical security update according to; Microsoft Bulletin MS10-094.
Beschreibung:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS10-094. Vulnerability Insight: The flaw is present when the Windows Media Encoder incorrectly restricts the path used for loading external libraries. An attacker could convince a user to open a legitimate '.prx' file that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Vulnerability Impact: Successful exploitation will allow remote attackers to load crafted DLL file and execute any code it contained. Affected Software/OS: - Microsoft Windows Media Encoder 9 with - Microsoft Windows XP Service Pack 3 and prior - Microsoft Windows 2003 Service Pack 2 and prior - Microsoft Windows Vista Service Pack 1/2 and prior - Microsoft Windows Server 2008 Service Pack 1/2 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	BugTraq ID: 42855 Common Vulnerability Exposure (CVE) ID: CVE-2010-3965 http://www.securityfocus.com/bid/42855 Cert/CC Advisory: TA10-348A http://www.us-cert.gov/cas/techalerts/TA10-348A.html Microsoft Security Bulletin: MS10-094 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-094 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12235 http://www.securitytracker.com/id?1024876 http://www.vupen.com/english/advisories/2010/3217
Copyright	Copyright (C) 2010 Greenbone Networks GmbH