Windows : Microsoft Bulletins : Microsoft DirectShow Remote Code Execution Vulnerability (961373)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.900588

Categoría: Windows : Microsoft Bulletins

Título: Microsoft DirectShow Remote Code Execution Vulnerability (961373)

Resumen: This host is missing a critical security update according to; Microsoft Bulletin MS09-028.

Descripción: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS09-028.

Vulnerability Insight:
- An unspecified error in QuickTime Movie Parser Filter in quartz.dll while
processing malicious QuickTime media files may lead to memory corruption.

- Lack of validation while updating a pointer could allow code execution
via a specially crafted QuickTime file.

- An error while validating certain size fields during processing of
QuickTime media files can be exploited to corrupt memory.

Vulnerability Impact:
Attackers cam exploit this issue to execute arbitrary code and to potentially
compromise a user's system.

Affected Software/OS:
DirectX 7.0, 8.1 and 9.0 on Microsoft Windows 2000
DirectX 9.0 on Microsoft Windows XP and 2003

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: BugTraq ID: 35139
Common Vulnerability Exposure (CVE) ID: CVE-2009-1537
http://www.securityfocus.com/bid/35139
Cert/CC Advisory: TA09-195A
http://www.us-cert.gov/cas/techalerts/TA09-195A.html
http://isc.sans.org/diary.html?storyid=6481
Microsoft Security Bulletin: MS09-028
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028
http://osvdb.org/54797
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6237
http://www.securitytracker.com/id?1022299
http://secunia.com/advisories/35268
http://www.vupen.com/english/advisories/2009/1445
http://www.vupen.com/english/advisories/2009/1886
Common Vulnerability Exposure (CVE) ID: CVE-2009-1538
BugTraq ID: 35600
http://www.securityfocus.com/bid/35600
http://osvdb.org/55844
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5963
Common Vulnerability Exposure (CVE) ID: CVE-2009-1539
http://osvdb.org/55845
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6341

Copyright Copyright (C) 2009 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.900588
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft DirectShow Remote Code Execution Vulnerability (961373)
Resumen:	This host is missing a critical security update according to; Microsoft Bulletin MS09-028.
Descripción:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS09-028. Vulnerability Insight: - An unspecified error in QuickTime Movie Parser Filter in quartz.dll while processing malicious QuickTime media files may lead to memory corruption. - Lack of validation while updating a pointer could allow code execution via a specially crafted QuickTime file. - An error while validating certain size fields during processing of QuickTime media files can be exploited to corrupt memory. Vulnerability Impact: Attackers cam exploit this issue to execute arbitrary code and to potentially compromise a user's system. Affected Software/OS: DirectX 7.0, 8.1 and 9.0 on Microsoft Windows 2000 DirectX 9.0 on Microsoft Windows XP and 2003 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	BugTraq ID: 35139 Common Vulnerability Exposure (CVE) ID: CVE-2009-1537 http://www.securityfocus.com/bid/35139 Cert/CC Advisory: TA09-195A http://www.us-cert.gov/cas/techalerts/TA09-195A.html http://isc.sans.org/diary.html?storyid=6481 Microsoft Security Bulletin: MS09-028 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028 http://osvdb.org/54797 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6237 http://www.securitytracker.com/id?1022299 http://secunia.com/advisories/35268 http://www.vupen.com/english/advisories/2009/1445 http://www.vupen.com/english/advisories/2009/1886 Common Vulnerability Exposure (CVE) ID: CVE-2009-1538 BugTraq ID: 35600 http://www.securityfocus.com/bid/35600 http://osvdb.org/55844 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5963 Common Vulnerability Exposure (CVE) ID: CVE-2009-1539 http://osvdb.org/55845 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6341
Copyright	Copyright (C) 2009 Greenbone Networks GmbH