Microsoft Windows Movie Maker MediaClipString Buffer Overflow

2010-08-27T00:00:00
ID SAINT:C86AE9844458ABD9A5F6EF0F6EBBBAC8
Type saint
Reporter SAINT Corporation
Modified 2010-08-27T00:00:00

Description

Added: 08/27/2010
CVE: CVE-2010-2564
BID: 42268
OSVDB: 66986

Background

Windows Movie Maker is software for creating and editing home movies.

Problem

A buffer overflow vulnerability when parsing MediaClipString data allows command execution when a user opens a specially crafted .MSWMM file.

Resolution

Apply the update referenced in Microsoft Security Bulletin 10-050.

References

<http://secunia.com/advisories/38931/>

Limitations

Exploit works on Microsoft Windows Movie Maker 2.1 and requires the user to open the exploit file.

Platforms

Windows