Description of the security update for the Microsoft Video Control elevation of privilege vulnerability in WES09 and POSReady 2009: March 13, 2018

Description of the security update for the Microsoft Video Control elevation of privilege vulnerability in WES09 and POSReady 2009: March 13, 2018 Summary An elevation of privilege vulnerability exists in Windows when the Microsoft Video Control mishandles objects in memory. An attacker who...

Microsoft DirectShow - 'msvidctl.dll' MPEG-2 Memory Corruption (MS09-032/MS09-037) (Metasploit)

$Id: msvidctlmpeg2.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...

For MPEG2 0DAY vulnerability analysis-vulnerability warning-the black bar safety net

该 漏洞 表现 在 在 MSVidCtl.dll（XP SP2:6.5.2600.2180,vista:6.5.6000.16386, With. dll is a system of standard components. To produce the vulnerability of the reason is the incorrect reading of the persistence of the byte array VTUI1|VTARRAY, the attacker can construct a special file to trigger the...

Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption

This module exploits a memory corruption within the MSVidCtl component of Microsoft DirectShow BDATuner.MPEG2TuneRequest. By loading a specially crafted GIF file, an attacker can overrun a buffer and execute arbitrary code. ClassID is now configurable via an advanced option otherwise randomized -...

Stack overflow

Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library ATL, as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold...

Immunity Canvas: MS09_032

Name| ms09032 ---|--- CVE| CVE-2008-0015 Exploit Pack| CANVAS Description| Microsoft DirectShow msvidctl.dll Vulnerability Notes| CVE Name: CVE-2008-0015 Vendor: Microsoft Notes: Tested against a Windows XP SP2 & SP3 English, German & Simplified Chinese with IE 6. IE 7 asks for confirmation befor...

CVE-2008-0020

Technical details about CVE-2008-0020 are not publicly available in the provided connected documents. Monitor for updates as new information becomes public.

CVE-2008-0015

Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library ATL, as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold...

PT-2009-1181

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 Description A stack-based buffer overflow exists in the CComVariant::ReadFromStream function within the Active Templat...

UPDATED: Mass Attacks Exploiting 0-Day in Microsoft Video DLL

There is a widespread attack underway against an unpatched vulnerability in the Msvidctl DLL, with attackers using thousands of newly compromised Web sites to exploit victims’ PCs via drive-by downloads. The attacks are using Internet Explorer as the attack vector and are pushing a Trojan...

DirectShow msvidctl.dll组件解析畸形MPEG2视频格式文件溢出漏洞

“MPEG-2标准”制定于1994年，设计目标是高级工业标准的图象质量以及更高的传输率。MPEG-2所能提供每秒钟3兆到10兆的传输率,其在NTSC制式下的分辨率可达720X486。由于出色的性能表现，MPEG-2被用作DVD的指定标准外，并适用于HDTV高清电视。此外，MPEG-2还广泛用于为广播、有线电视网、电缆网络以及卫星直播提供广播级的数字视频。 是DirectShow相关msvidctl.dll组件解析畸形MPEG2视频格式文件触发溢出，攻击者可以使用普通的javascript堆喷射方式远程执行任意代码。 Windows...