Windows Media Unicast Service transport information packet buffer overflow

2010-04-14T00:00:00
ID SAINT:D121485F2886456AC2A0AF8428154E40
Type saint
Reporter SAINT Corporation
Modified 2010-04-14T00:00:00

Description

Added: 04/14/2010
CVE: CVE-2010-0478

Background

The Windows Media Unicast Service is the part of Windows Media Services which allows streaming media to be sent to a specific user.

Problem

A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted transport information packet to the Windows Media Unicast Service.

Resolution

Apply the patch found in Microsoft Security Bulletin 10-025.

References

<http://www.microsoft.com/technet/security/bulletin/MS10-025.mspx>

Limitations

Exploit works on Windows 2000 only.

Platforms

Windows 2000