Microsoft Windows Movie Maker IsValidWMToolsStream buffer overflow

2010-05-19T00:00:00
ID SAINT:78DCBFB71B7236C703750A96712A4BAA
Type saint
Reporter SAINT Corporation
Modified 2010-05-19T00:00:00

Description

Added: 05/19/2010
CVE: CVE-2010-0265
BID: 38515
OSVDB: 62811

Background

Windows Movie Maker is software for creating and editing home movies.

Problem

A buffer overflow vulnerability in the IsValidWMToolsStream function allows command execution when a user opens a specially crafted .MSWMM file.

Resolution

Apply the update referenced in Microsoft Security Bulletin 10-016.

References

<http://seclists.org/fulldisclosure/2010/Mar/173>

Limitations

Exploit works on Windows Movie Maker 2.1 and requires a user to open the exploit file.

Platforms

Windows XP