Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2010 Greenbone Networks GmbHOPENVAS:1361412562310901163
HistoryOct 13, 2010 - 12:00 a.m.

Microsoft Windows Media Player Remote Code Execution Vulnerability (2378111))

2010-10-1300:00:00
Copyright (C) 2010 Greenbone Networks GmbH
plugins.openvas.org
22

6.4 Medium

AI Score

Confidence

Low

0.945 High

EPSS

Percentile

99.2%

JSON

This host is missing a critical security update according to
Microsoft Bulletin MS10-082.

# Copyright (C) 2010 Greenbone Networks GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.901163");
  script_version("2022-05-02T09:35:37+0000");
  script_tag(name:"last_modification", value:"2022-05-02 09:35:37 +0000 (Mon, 02 May 2022)");
  script_tag(name:"creation_date", value:"2010-10-13 17:10:12 +0200 (Wed, 13 Oct 2010)");
  script_cve_id("CVE-2010-2745");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_name("Microsoft Windows Media Player Remote Code Execution Vulnerability (2378111))");
  script_xref(name:"URL", value:"http://support.microsoft.com/kb/2378111");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/43772");
  script_xref(name:"URL", value:"http://www.vupen.com/english/advisories/2010/2629");
  script_xref(name:"URL", value:"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-082");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2010 Greenbone Networks GmbH");
  script_family("Windows : Microsoft Bulletins");
  script_dependencies("secpod_reg_enum.nasl");
  script_require_ports(139, 445);
  script_mandatory_keys("SMB/registry_enumerated");

  script_tag(name:"impact", value:"Successful exploitation will allow the attacker to execute arbitrary code in
  the context of the user running the application, which can compromise the
  application and possibly the system.");
  script_tag(name:"affected", value:"- Microsoft Windows 7

  - Microsoft Windows Media Player 10

  - Microsoft Windows Media Player 11

  - Microsoft Windows Media Player 12

  - Microsoft Windows Media Player 9 Series

  - Microsoft Windows XP Service Pack 3 and prior

  - Microsoft Windows 2K3 Service Pack 2 and prior

  - Microsoft Windows Vista Service Pack 2 and prior

  - Microsoft Windows Server 2008 Service Pack 2 and prior");
  script_tag(name:"insight", value:"The flaw is caused by a memory corruption error in Windows Media Player when
  deallocating objects during a reload operation via a web browser, which could
  allow attackers to execute arbitrary code by convincing a user to visit a
  specially crafted web page.");
  script_tag(name:"solution", value:"The vendor has released updates. Please see the references for more information.");
  script_tag(name:"summary", value:"This host is missing a critical security update according to
  Microsoft Bulletin MS10-082.");
  script_tag(name:"qod_type", value:"registry");
  script_tag(name:"solution_type", value:"VendorFix");
  script_xref(name:"URL", value:"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-082");
  exit(0);
}

include("smb_nt.inc");
include("secpod_reg.inc");
include("version_func.inc");
include("secpod_smb_func.inc");

if(hotfix_check_sp(xp:4, win2003:3, winVista:3, win2008:3, win7:1) <= 0){
  exit(0);
}

## MS10-082 Hotfix (2378111)
if(hotfix_missing(name:"2378111") == 0){
  exit(0);
}

sysPath = smb_get_systemroot();
if(!sysPath ){
  exit(0);
}

dllPath = sysPath + "\system32\wmp.dll";
share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:dllPath);
file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:dllPath);

dllVer = GetVer(file:file, share:share);
if(!dllVer){
  exit(0);
}

if(hotfix_check_sp(xp:4) > 0)
{
  SP = get_kb_item("SMB/WinXP/ServicePack");
  if("Service Pack 3" >< SP)
  {
    if(version_in_range(version:dllVer, test_version:"9", test_version2:"9.0.0.4509") ||
       version_in_range(version:dllVer, test_version:"10", test_version2:"10.0.0.4080")||
       version_in_range(version:dllVer, test_version:"11", test_version2:"11.0.5721.5279")){
      security_message( port: 0, data: "The target host was found to be vulnerable" );
    }
    exit(0);
  }
  security_message( port: 0, data: "The target host was found to be vulnerable" );
}

else if(hotfix_check_sp(win2003:3) > 0)
{
  SP = get_kb_item("SMB/Win2003/ServicePack");
  if("Service Pack 2" >< SP)
  {
    if(version_in_range(version:dllVer, test_version:"10", test_version2:"10.0.0.4007")){
      security_message( port: 0, data: "The target host was found to be vulnerable" );
    }
    exit(0);
  }
  security_message( port: 0, data: "The target host was found to be vulnerable" );
}

else if(hotfix_check_sp(winVista:2, win2008:2) > 0)
{
  SP = get_kb_item("SMB/WinVista/ServicePack");

  if(!SP) {
    SP = get_kb_item("SMB/Win2008/ServicePack");
  }

  if("Service Pack 1" >< SP)
  {
    if(version_in_range(version:dllVer, test_version:"11", test_version2:"11.0.6001.7009")){
      security_message( port: 0, data: "The target host was found to be vulnerable" );
    }
    exit(0);
  }

  if("Service Pack 2" >< SP)
  {
    if(version_in_range(version:dllVer, test_version:"11", test_version2:"11.0.6002.18310")){
      security_message( port: 0, data: "The target host was found to be vulnerable" );
    }
    exit(0);
  }
  security_message( port: 0, data: "The target host was found to be vulnerable" );
}

else if(hotfix_check_sp(win7:1) > 0)
{
  if(version_in_range(version:dllVer, test_version:"12", test_version2:"12.0.7600.16666")){
    security_message( port: 0, data: "The target host was found to be vulnerable" );
  }
}

Related

checkpoint_advisories 2
nessus 1
symantec 1
securityvulns 2
openvas 1
prion 1
seebug 1
cve 1
checkpoint_advisories
checkpoint_advisories
Microsoft Browser Embedded Media Player Memory Corruption (MS10-082; CVE-2010-2745)
2010-10-12 00:00:00
Microsoft Browser Embedded Media Player Memory Corruption (MS10-082) - Ver2 (CVE-2010-2745)
2015-03-26 00:00:00
nessus
nessus
MS10-082: Vulnerability in Windows Media Player Could Allow Remote Code Execution (2378111)
2010-10-13 00:00:00
symantec
symantec
Microsoft Windows Media Player CVE-2010-2745 Remote Code Execution Vulnerability
2010-10-12 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS10-082 - Important Vulnerability in Windows Media Player Could Allow Remote Code Execution &#40;2378111&#41;
2010-10-13 00:00:00
Windows Media Player memory corruption
2010-10-13 00:00:00
openvas
openvas
Microsoft Windows Media Player Remote Code Execution Vulnerability (2378111))
2010-10-13 00:00:00
prion
prion
Memory corruption
2010-10-13 19:00:00
seebug
seebug
Microsoft Windows Media Player重新加载操作内存破坏漏洞(MS10-082)
2010-10-17 00:00:00
cve
cve
CVE-2010-2745
2010-10-13 19:00:00

6.4 Medium

AI Score

Confidence

Low

0.945 High

EPSS

Percentile

99.2%

JSON
Related for OPENVAS:1361412562310901163
checkpoint_advisories2nessus1symantec1securityvulns2openvas1prion1seebug1cve1