Vulners
Lucene search
MPEG-4 Codec Remote Code Execution Vulnerability (975558)
🗓️ 15 Sep 2010 00:00:00Reported by Copyright (C) 2010 SecPodType 
openvas🔗 plugins.openvas.org👁 41 Views
| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
 | Microsoft Windows Media Player MPEG-4 Codec Code Execution (MS10-062; CVE-2010-0818) | 14 Sep 201000:00 | – | checkpoint_advisories |
 | CVE-2010-0818 | 15 Sep 201018:00 | – | cve |
 | CVE-2010-0818 | 15 Sep 201018:00 | – | cvelist |
 | CVE-2010-0818 | 15 Sep 201019:00 | – | nvd |
| MPEG-4 Codec RCE Vulnerability (975558) | 15 Sep 201000:00 | – | openvas |
 | Code injection | 15 Sep 201019:00 | – | prion |
 | PT-2010-2544 · Microsoft · Vista +5 | 15 Sep 201000:00 | – | ptsecurity |
 | Microsoft Security Bulletin MS10-062 - Critical Vulnerability in MPEG-4 Codec Could Allow Remote Code Execution (975558) | 15 Sep 201000:00 | – | securityvulns |
| Microsoft Windows multiple security vulnerabilities | 16 Sep 201000:00 | – | securityvulns |
 | MS10-062: Vulnerability in MPEG-4 Codec Could Allow Remote Code Execution (975558) | 14 Sep 201000:00 | – | nessus |
10
| Source | Link |
|---|---|
| secunia | www.secunia.com/advisories/41395 |
| support | www.support.microsoft.com/kb/975558 |
###############################################################################
# OpenVAS Vulnerability Test
# $Id: secpod_ms10-062.nasl 7174 2017-09-18 11:48:08Z asteins $
#
# MPEG-4 Codec Remote Code Execution Vulnerability (975558)
#
# Authors:
# Veerendra G.G <[email protected]>
#
# Copyright (c) 2010 SecPod, http://www.secpod.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_id(900250);
script_version("$Revision: 7174 $");
script_tag(name:"last_modification", value:"$Date: 2017-09-18 13:48:08 +0200 (Mon, 18 Sep 2017) $");
script_tag(name:"creation_date", value:"2010-09-15 17:01:07 +0200 (Wed, 15 Sep 2010)");
script_bugtraq_id(43039);
script_cve_id("CVE-2010-0818");
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_name("MPEG-4 Codec Remote Code Execution Vulnerability (975558)");
script_xref(name : "URL" , value : "http://secunia.com/advisories/41395");
script_xref(name : "URL" , value : "http://support.microsoft.com/kb/975558");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2010 SecPod");
script_family("Windows : Microsoft Bulletins");
script_dependencies("secpod_reg_enum.nasl");
script_require_ports(139, 445);
script_mandatory_keys("SMB/WindowsVersion");
script_tag(name : "impact" , value : "Successful exploitation could allow attackers to execute arbitrary code
with elevated privileges on vulnerable systems.
Impact Level: System");
script_tag(name : "insight" , value : "The flaws exist in MPEG-4 codec included with Windows Media codecs, which
does not properly handle specially crafted media files that use MPEG-4 video
encoding.");
script_tag(name : "solution" , value : "Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/MS10-062.mspx");
script_tag(name : "summary" , value : "This host is missing a critical security update according to
Microsoft Bulletin MS10-062.");
script_tag(name : "affected" , value : "Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
NOTE: This vulnerability does not affect supported editions of Windows
Server 2008, when installed using the Server Core installation option.");
script_tag(name:"qod_type", value:"registry");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("smb_nt.inc");
include("secpod_reg.inc");
include("version_func.inc");
include("secpod_smb_func.inc");
## Basic Windows Version and Service Pack check
if(hotfix_check_sp(xp:4, win2003:3, winVista:3, win2008:3) <= 0){
exit(0);
}
## MS10-062 Hotfix check
if(hotfix_missing(name:"975558") == 0){
exit(0);
}
## For Windows XP and Windows 2003
if(hotfix_check_sp(xp:4) > 0 || hotfix_check_sp(win2003:3) > 0)
{
## Vulnerable, If Windows XP is less less then Service Pack 3
xpSP = get_kb_item("SMB/WinXP/ServicePack");
if(xpSP && "Service Pack 3" >!< xpSP){
security_message(0);
exit(0);
}
## Set the wmp11Installed to TRUE, if Windows Media player 11 is installed
wmp11Installed = FALSE;
wkey = "SOFTWARE\Microsoft\Active setup\Installed Components\";
wmpVer = registry_get_sz(key:wkey+ "{6BF52A52-394A-11d3-B153-00C04F79FAA6}",
item:"Version");
if(wmpVer =~ "^(11,|11\.)"){
wmp11Installed = TRUE;
}
## Get System32 path
sysPath = smb_get_system32root();
if(!sysPath){
exit(0);
}
## First 2 files affect both Windows XP and 2003
## also file versions are same
affectedFiles = ["mpg4ds32.ax", "mp4sds32.ax", "mp4sdecd.dll"];
foreach file (affectedFiles)
{
## Ignore as mp4sdecd.dll file does not affect windows 2003
if(file == "mp4sdecd.dll" && (hotfix_check_sp(win2003:3) > 0)){
continue;
}
## Check Windows 11 is installed, if not continue
else if(file == "mp4sdecd.dll" && !wmp11Installed){
continue;
}
## Get File Version
dllVer = fetch_file_version(sysPath:sysPath, file_name:file);
if(!dllVer){
continue;
}
if(file == "mpg4ds32.ax"){
checkVer = "8.0.0.4504";
}
else if (file == "mp4sds32.ax"){
checkVer = "8.0.0.406";
}
else if (file == "mp4sdecd.dll"){
checkVer = "11.0.5721.5274";
}
## Check version is less than "checkVer" variable
if(version_is_less(version:dllVer, test_version:checkVer)){
security_message(0);
exit(0);
}
}
exit(0);
}
## For Windows Vista and Windows 2008
if(hotfix_check_sp(winVista:2) > 0 || hotfix_check_sp(win2008:2) > 0)
{
## Set Service Pack to "SP" variable
SP = get_kb_item("SMB/WinVista/ServicePack");
if(!SP){
SP = get_kb_item("SMB/Win2008/ServicePack");
}
## Set File Version to "checkVer" variable
if("Service Pack 1" >< SP)
{
## Mp4sdecd.dll version < 11.0.6001.7009
checkVer = "11.0.6001.7009";
}
else if("Service Pack 2" >< SP)
{
## Mp4sdecd.dll version < 11.0.6002.18236
checkVer = "11.0.6002.18236";
}
## Get system32 Path
sysPath = smb_get_system32root();
if(!sysPath){
exit(0);
}
## Get File Version
dllVer = fetch_file_version(sysPath:sysPath,file_name:"Mp4sdecd.dll");
if(!dllVer){
exit(0);
}
## Check file version less than "checkVer" variable
if(version_is_less(version:dllVer, test_version:checkVer)){
security_message(0);
}
exit(0);
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
18 Sep 2017 00:00Current
0.6Low risk
Vulners AI Score0.6
EPSS0.29042