{"cve": [{"lastseen": "2018-10-13T11:34:53", "references": ["https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-033", "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"], "description": "Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka \"MJPEG Media Decompression Vulnerability.\"", "edition": 3, "reporter": "NVD", "published": "2010-06-08T18:30:01", "title": "CVE-2010-1880", "type": "cve", "enchantments": {"score": {"modified": "2018-10-13T11:34:53", "vector": "NONE", "value": 6.8}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:6641", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6641"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-1880"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:6641", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:6641"}], "modified": "2018-10-12T17:57:38", "cpe": ["cpe:/a:microsoft:directx:9.0b", "cpe:/a:microsoft:directx:9.0", "cpe:/a:microsoft:directx:9.0a", "cpe:/a:microsoft:directx:9.0c"], "id": "CVE-2010-1880", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1880", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-13T11:34:53", "references": ["https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-033", "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"], "description": "Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media Format Runtime 9, 9.5, and 11; Media Encoder 9; and the Asycfilt.dll COM component allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka \"Media Decompression Vulnerability.\"", "edition": 3, "reporter": "NVD", "published": "2010-06-08T18:30:01", "title": "CVE-2010-1879", "type": "cve", "enchantments": {"score": {"modified": "2018-10-13T11:34:53", "vector": "NONE", "value": 9.3}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:7517", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7517"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-1879"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:7517", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:7517"}], "modified": "2018-10-12T17:57:38", "cpe": ["cpe:/a:microsoft:directx:9.0b", "cpe:/a:microsoft:directx:9.0", "cpe:/a:microsoft:windows_media_encoder:9:-:x64", "cpe:/a:microsoft:directx:9.0a", "cpe:/a:microsoft:windows_media_format_runtime:9.5", "cpe:/a:microsoft:windows_media_format_runtime:9.5::x64", "cpe:/a:microsoft:directx:9.0c", "cpe:/a:microsoft:windows_media_format_runtime:11", "cpe:/a:microsoft:windows_media_encoder:9:-:x86", "cpe:/a:microsoft:windows_media_format_runtime:9"], "id": "CVE-2010-1879", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1879", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "symantec": [{"lastseen": "2018-03-14T22:39:32", "references": [], "description": "### Description\n\nMicrosoft Windows is prone to a remote code-execution vulnerability when handling compressed media files. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file. A successful exploit may allow arbitrary code to run in the context of the currently logged-in user. Failed attack attempts may result in a denial-of-service condition.\n\n### Technologies Affected\n\n * Avaya Meeting Exchange - Client Registration Server \n * Avaya Meeting Exchange - Recording Server \n * Avaya Meeting Exchange - Streaming Server \n * Avaya Meeting Exchange - Web Conferencing Server \n * Avaya Meeting Exchange - Webportal \n * Avaya Messaging Application Server 4 \n * Avaya Messaging Application Server 5 \n * Avaya Messaging Application Server \n * Avaya Messaging Application Server MM 1.1 \n * Avaya Messaging Application Server MM 2.0 \n * Avaya Messaging Application Server MM 3.0 \n * Avaya Messaging Application Server MM 3.1 \n * Microsoft Quartz \n * Microsoft Windows 2000 Professional \n * Microsoft Windows 2000 Professional SP1 \n * Microsoft Windows 2000 Professional SP2 \n * Microsoft Windows 2000 Professional SP3 \n * Microsoft Windows 2000 Professional SP4 \n * Microsoft Windows Server 2003 Datacenter Edition \n * Microsoft Windows Server 2003 Datacenter Edition Itanium \n * Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 \n * Microsoft Windows Server 2003 Datacenter Edition SP1 \n * Microsoft Windows Server 2003 Datacenter x64 Edition \n * Microsoft Windows Server 2003 Datacenter x64 Edition SP2 \n * Microsoft Windows Server 2003 Enterprise Edition \n * Microsoft Windows Server 2003 Enterprise Edition Itanium \n * Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 \n * Microsoft Windows Server 2003 Enterprise Edition SP1 \n * Microsoft Windows Server 2003 Enterprise x64 Edition \n * Microsoft Windows Server 2003 Enterprise x64 Edition SP2 \n * Microsoft Windows Server 2003 Itanium \n * Microsoft Windows Server 2003 Itanium SP1 \n * Microsoft Windows Server 2003 Itanium SP2 \n * Microsoft Windows Server 2003 SP1 \n * Microsoft Windows Server 2003 SP2 \n * Microsoft Windows Server 2003 Standard Edition \n * Microsoft Windows Server 2003 Standard Edition SP1 \n * Microsoft Windows Server 2003 Standard Edition SP2 \n * Microsoft Windows Server 2003 Standard x64 Edition \n * Microsoft Windows Server 2003 Web Edition \n * Microsoft Windows Server 2003 Web Edition SP1 \n * Microsoft Windows Server 2003 Web Edition SP2 \n * Microsoft Windows Server 2003 x64 SP1 \n * Microsoft Windows Server 2003 x64 SP2 \n * Microsoft Windows Server 2008 Datacenter Edition \n * Microsoft Windows Server 2008 Datacenter Edition SP2 \n * Microsoft Windows Server 2008 Enterprise Edition \n * Microsoft Windows Server 2008 Enterprise Edition SP2 \n * Microsoft Windows Server 2008 Standard Edition \n * Microsoft Windows Server 2008 Standard Edition SP2 \n * Microsoft Windows Server 2008 for 32-bit Systems \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Vista \n * Microsoft Windows Vista Business 64-bit edition \n * Microsoft Windows Vista Business 64-bit edition SP1 \n * Microsoft Windows Vista Business 64-bit edition SP2 \n * Microsoft Windows Vista Business \n * Microsoft Windows Vista Enterprise 64-bit edition \n * Microsoft Windows Vista Enterprise 64-bit edition SP1 \n * Microsoft Windows Vista Enterprise 64-bit edition SP2 \n * Microsoft Windows Vista Enterprise \n * Microsoft Windows Vista Enterprise SP1 \n * Microsoft Windows Vista Enterprise SP2 \n * Microsoft Windows Vista Home Basic 64-bit edition \n * Microsoft Windows Vista Home Basic 64-bit edition SP1 \n * Microsoft Windows Vista Home Basic 64-bit edition SP2 \n * Microsoft Windows Vista Home Basic \n * Microsoft Windows Vista Home Basic SP1 \n * Microsoft Windows Vista Home Basic SP2 \n * Microsoft Windows Vista Home Premium 64-bit edition \n * Microsoft Windows Vista Home Premium 64-bit edition SP1 \n * Microsoft Windows Vista Home Premium 64-bit edition SP2 \n * Microsoft Windows Vista Home Premium \n * Microsoft Windows Vista Home Premium SP1 \n * Microsoft Windows Vista Home Premium SP2 \n * Microsoft Windows Vista SP1 \n * Microsoft Windows Vista SP2 \n * Microsoft Windows Vista Ultimate 64-bit edition \n * Microsoft Windows Vista Ultimate 64-bit edition SP1 \n * Microsoft Windows Vista Ultimate 64-bit edition SP2 \n * Microsoft Windows Vista Ultimate \n * Microsoft Windows Vista Ultimate SP1 \n * Microsoft Windows Vista Ultimate SP2 \n * Microsoft Windows Vista x64 Edition \n * Microsoft Windows Vista x64 Edition SP1 \n * Microsoft Windows Vista x64 Edition SP2 \n * Microsoft Windows XP 64-bit Edition \n * Microsoft Windows XP 64-bit Edition SP1 \n * Microsoft Windows XP \n * Microsoft Windows XP Home \n * Microsoft Windows XP Home SP1 \n * Microsoft Windows XP Home SP2 \n * Microsoft Windows XP Home SP3 \n * Microsoft Windows XP Media Center Edition \n * Microsoft Windows XP Media Center Edition SP1 \n * Microsoft Windows XP Media Center Edition SP2 \n * Microsoft Windows XP Media Center Edition SP3 \n * Microsoft Windows XP Professional \n * Microsoft Windows XP Professional SP1 \n * Microsoft Windows XP Professional SP2 \n * Microsoft Windows XP Professional SP3 \n * Microsoft Windows XP Professional x64 Edition \n * Microsoft Windows XP Professional x64 Edition SP2 \n * Microsoft Windows XP Professional x64 Edition SP3 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from a successful exploit. \n\n**Do not accept or execute files from untrusted or unknown sources.** \nTo reduce the likelihood of successful attacks, never handle or open files from unknown sources.\n\n**Do not follow links provided by unknown or untrusted sources.** \nTo reduce the likelihood of successful exploits, never visit sites of questionable integrity or follow links provided by unfamiliar or untrusted sources.\n\n**Implement multiple redundant layers of security.** \nVarious memory-protection schemes (such as nonexecutable and randomly mapped memory segments) may hinder an attacker's ability to exploit this vulnerability to execute arbitrary code. Host-based intrusion-prevention systems may also help prevent exploits. \n\nUpdates are available; please see the references for more information.\n", "edition": 2, "reporter": "Symantec Security Response", "published": "2010-06-08T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "type": "symantec", "title": "Microsoft Windows Media Decompression (CVE-2010-1880) Remote Code Execution Vulnerability", "bulletinFamily": "software", "affectedSoftware": [{"name": "Microsoft Windows Vista Home Premium", "version": "64-bit edition SP2 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2008 Standard Edition SP2 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2008 Enterprise Edition ", "operator": "eq"}, {"name": "Avaya Messaging Application Server MM", "version": "3.0 ", "operator": "eq"}, {"name": "Microsoft Windows Vista Ultimate", "version": "64-bit edition SP2 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2008 Standard Edition ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Standard x64 Edition ", "operator": "eq"}, {"name": "Avaya Messaging Application Server MM", "version": "1.1 ", "operator": "eq"}, {"name": "Microsoft Windows Vista Home Premium", "version": "64-bit edition SP1 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Datacenter Edition Itanium SP1 ", "operator": "eq"}, {"name": "Microsoft Windows Vista Home Basic", "version": "64-bit edition SP2 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Datacenter Edition ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 SP1 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2008 for x64-based Systems ", "operator": "eq"}, {"name": "Microsoft Windows Vista Ultimate", "version": "64-bit edition ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Standard Edition SP1 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 x64 SP2 ", "operator": "eq"}, {"name": "Avaya Messaging Application Server MM", "version": "3.1 ", "operator": "eq"}, {"name": "Microsoft Windows Vista Business", "version": "64-bit edition SP1 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Datacenter x64 Edition ", "operator": "eq"}, {"name": "Microsoft Windows Vista Ultimate", "version": "64-bit edition SP1 ", "operator": "eq"}, {"name": "Microsoft Windows", "version": "2000 Professional ", "operator": "eq"}, {"name": "Avaya Messaging Application Server MM", "version": "2.0 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Enterprise Edition Itanium SP1 ", "operator": "eq"}, {"name": "Microsoft Windows", "version": "2000 Professional SP4 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2008 for Itanium-based Systems ", "operator": "eq"}, {"name": "Microsoft Windows Vista Enterprise", "version": "64-bit edition ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Itanium SP1 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Standard Edition SP2 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2008 Datacenter Edition SP2 ", "operator": "eq"}, {"name": "Microsoft Windows Vista Business", "version": "64-bit edition SP2 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2008 Datacenter Edition ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Enterprise x64 Edition ", "operator": "eq"}, {"name": "Microsoft Windows Vista Enterprise", "version": "64-bit edition SP1 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Enterprise Edition Itanium ", "operator": "eq"}, {"name": "Avaya Messaging Application Server", "version": "5 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2008 for 32-bit Systems SP2 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Standard Edition ", "operator": "eq"}, {"name": "Microsoft Windows Vista Home Premium", "version": "64-bit edition ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Enterprise Edition SP1 ", "operator": "eq"}, {"name": "Microsoft Windows Vista Enterprise", "version": "64-bit edition SP2 ", "operator": "eq"}, {"name": "Microsoft Windows XP", "version": "64-bit Edition ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Itanium SP2 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2008 for 32-bit Systems ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2008 for x64-based Systems SP2 ", "operator": "eq"}, {"name": "Microsoft Windows", "version": "2000 Professional SP2 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Datacenter x64 Edition SP2 ", "operator": "eq"}, {"name": "Microsoft Windows", "version": "2000 Professional SP1 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2008 Enterprise Edition SP2 ", "operator": "eq"}, {"name": "Microsoft Windows", "version": "2000 Professional SP3 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Datacenter Edition Itanium ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Datacenter Edition SP1 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Web Edition ", "operator": "eq"}, {"name": "Microsoft Windows Vista Home Basic", "version": "64-bit edition SP1 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Web Edition SP2 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 x64 SP1 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2008 for Itanium-based Systems SP2 ", "operator": "eq"}, {"name": "Microsoft Windows Vista Home Basic", "version": "64-bit edition ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Enterprise x64 Edition SP2 ", "operator": "eq"}, {"name": "Avaya Messaging Application Server", "version": "4 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Itanium ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Enterprise Edition ", "operator": "eq"}, {"name": "Microsoft Windows XP", "version": "64-bit Edition SP1 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Web Edition SP1 ", "operator": "eq"}, {"name": "Microsoft Windows Vista Business", "version": "64-bit edition ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 SP2 ", "operator": "eq"}], "cvelist": ["CVE-2010-1880"], "modified": "2010-06-08T00:00:00", "id": "SMNTC-40464", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/40464", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-12T00:30:52", "references": [], "edition": 2, "description": "### Description\n\nMicrosoft Windows is prone to a remote code-execution vulnerability when handling compressed media files. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file. A successful exploit may allow arbitrary code to run in the context of the currently logged-in user. Failed attack attempts may result in a denial-of-service condition.\n\n### Technologies Affected\n\n * Avaya Meeting Exchange - Client Registration Server \n * Avaya Meeting Exchange - Recording Server \n * Avaya Meeting Exchange - Streaming Server \n * Avaya Meeting Exchange - Web Conferencing Server \n * Avaya Meeting Exchange - Webportal \n * Avaya Messaging Application Server 4 \n * Avaya Messaging Application Server 5 \n * Avaya Messaging Application Server \n * Avaya Messaging Application Server MM 1.1 \n * Avaya Messaging Application Server MM 2.0 \n * Avaya Messaging Application Server MM 3.0 \n * Avaya Messaging Application Server MM 3.1 \n * Microsoft Asycfilt.dll \n * Microsoft Quartz \n * Microsoft Windows 2000 Professional \n * Microsoft Windows 2000 Professional SP1 \n * Microsoft Windows 2000 Professional SP2 \n * Microsoft Windows 2000 Professional SP3 \n * Microsoft Windows 2000 Professional SP4 \n * Microsoft Windows 7 for 32-bit Systems \n * Microsoft Windows 7 for Itanium-based Systems \n * Microsoft Windows 7 for x64-based Systems \n * Microsoft Windows Media Encoder 9 \n * Microsoft Windows Media Encoder 9 x64 \n * Microsoft Windows Media Format Runtime 11 \n * Microsoft Windows Media Format Runtime 9 \n * Microsoft Windows Media Format Runtime 9.5 \n * Microsoft Windows Server 2003 Datacenter Edition \n * Microsoft Windows Server 2003 Datacenter Edition Itanium \n * Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 \n * Microsoft Windows Server 2003 Datacenter Edition SP1 \n * Microsoft Windows Server 2003 Datacenter x64 Edition \n * Microsoft Windows Server 2003 Datacenter x64 Edition SP2 \n * Microsoft Windows Server 2003 Enterprise Edition \n * Microsoft Windows Server 2003 Enterprise Edition Itanium \n * Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 \n * Microsoft Windows Server 2003 Enterprise Edition SP1 \n * Microsoft Windows Server 2003 Enterprise x64 Edition \n * Microsoft Windows Server 2003 Enterprise x64 Edition SP2 \n * Microsoft Windows Server 2003 Itanium \n * Microsoft Windows Server 2003 Itanium SP1 \n * Microsoft Windows Server 2003 Itanium SP2 \n * Microsoft Windows Server 2003 SP1 \n * Microsoft Windows Server 2003 SP2 \n * Microsoft Windows Server 2003 Standard Edition \n * Microsoft Windows Server 2003 Standard Edition SP1 \n * Microsoft Windows Server 2003 Standard Edition SP2 \n * Microsoft Windows Server 2003 Standard x64 Edition \n * Microsoft Windows Server 2003 Web Edition \n * Microsoft Windows Server 2003 Web Edition SP1 \n * Microsoft Windows Server 2003 Web Edition SP2 \n * Microsoft Windows Server 2003 x64 SP1 \n * Microsoft Windows Server 2003 x64 SP2 \n * Microsoft Windows Server 2008 Datacenter Edition \n * Microsoft Windows Server 2008 Datacenter Edition SP2 \n * Microsoft Windows Server 2008 Enterprise Edition \n * Microsoft Windows Server 2008 Enterprise Edition SP2 \n * Microsoft Windows Server 2008 Standard Edition \n * Microsoft Windows Server 2008 Standard Edition SP2 \n * Microsoft Windows Server 2008 for 32-bit Systems \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems \n * Microsoft Windows Server 2008 for Itanium-based Systems R2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems \n * Microsoft Windows Server 2008 for x64-based Systems R2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Vista \n * Microsoft Windows Vista Business 64-bit edition \n * Microsoft Windows Vista Business 64-bit edition SP1 \n * Microsoft Windows Vista Business 64-bit edition SP2 \n * Microsoft Windows Vista Business \n * Microsoft Windows Vista Business SP1 \n * Microsoft Windows Vista Business SP2 \n * Microsoft Windows Vista Enterprise 64-bit edition \n * Microsoft Windows Vista Enterprise 64-bit edition SP1 \n * Microsoft Windows Vista Enterprise 64-bit edition SP2 \n * Microsoft Windows Vista Enterprise \n * Microsoft Windows Vista Enterprise SP1 \n * Microsoft Windows Vista Enterprise SP2 \n * Microsoft Windows Vista Home Basic 64-bit edition \n * Microsoft Windows Vista Home Basic 64-bit edition SP1 \n * Microsoft Windows Vista Home Basic 64-bit edition SP2 \n * Microsoft Windows Vista Home Basic \n * Microsoft Windows Vista Home Basic SP1 \n * Microsoft Windows Vista Home Basic SP2 \n * Microsoft Windows Vista Home Premium 64-bit edition \n * Microsoft Windows Vista Home Premium 64-bit edition SP1 \n * Microsoft Windows Vista Home Premium 64-bit edition SP2 \n * Microsoft Windows Vista Home Premium \n * Microsoft Windows Vista Home Premium SP1 \n * Microsoft Windows Vista Home Premium SP2 \n * Microsoft Windows Vista SP1 \n * Microsoft Windows Vista SP2 \n * Microsoft Windows Vista Ultimate 64-bit edition \n * Microsoft Windows Vista Ultimate 64-bit edition SP1 \n * Microsoft Windows Vista Ultimate 64-bit edition SP2 \n * Microsoft Windows Vista Ultimate \n * Microsoft Windows Vista Ultimate SP1 \n * Microsoft Windows Vista Ultimate SP2 \n * Microsoft Windows Vista x64 Edition \n * Microsoft Windows Vista x64 Edition SP1 \n * Microsoft Windows Vista x64 Edition SP2 \n * Microsoft Windows XP 64-bit Edition \n * Microsoft Windows XP 64-bit Edition SP1 \n * Microsoft Windows XP \n * Microsoft Windows XP Home \n * Microsoft Windows XP Home SP1 \n * Microsoft Windows XP Home SP2 \n * Microsoft Windows XP Home SP3 \n * Microsoft Windows XP Media Center Edition \n * Microsoft Windows XP Media Center Edition SP1 \n * Microsoft Windows XP Media Center Edition SP2 \n * Microsoft Windows XP Media Center Edition SP3 \n * Microsoft Windows XP Professional \n * Microsoft Windows XP Professional SP1 \n * Microsoft Windows XP Professional SP2 \n * Microsoft Windows XP Professional SP3 \n * Microsoft Windows XP Professional x64 Edition \n * Microsoft Windows XP Professional x64 Edition SP2 \n * Microsoft Windows XP Professional x64 Edition SP3 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from a successful exploit. \n\n**Do not accept or execute files from untrusted or unknown sources.** \nTo reduce the likelihood of successful attacks, never handle or open files from unknown sources.\n\n**Do not follow links provided by unknown or untrusted sources.** \nTo reduce the likelihood of successful exploits, never visit sites of questionable integrity or follow links provided by unfamiliar or untrusted sources.\n\n**Implement multiple redundant layers of security.** \nVarious memory-protection schemes (such as nonexecutable and randomly mapped memory segments) may hinder an attacker's ability to exploit this vulnerability to execute arbitrary code. Host-based intrusion-prevention systems may also help prevent exploits. \n\nUpdates are available; please see the references for more information.\n", "reporter": "Symantec Security Response", "published": "2010-06-08T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "type": "symantec", "title": "Microsoft Windows Media Decompression (CVE-2010-1879) Remote Code Execution Vulnerability", "bulletinFamily": "software", "affectedSoftware": [{"name": "Microsoft Windows Vista Home Premium", "version": "64-bit edition SP2 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2008 Standard Edition SP2 ", "operator": "eq"}, {"name": "Microsoft Windows Media Format Runtime", "version": "11 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2008 Enterprise Edition ", "operator": "eq"}, {"name": "Avaya Messaging Application Server MM", "version": "3.0 ", "operator": "eq"}, {"name": "Microsoft Windows Vista Ultimate", "version": "64-bit edition SP2 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2008 for Itanium-based Systems R2 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2008 Standard Edition ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Standard x64 Edition ", "operator": "eq"}, {"name": "Avaya Messaging Application Server MM", "version": "1.1 ", "operator": "eq"}, {"name": "Microsoft Windows", "version": "7 for 32-bit Systems ", "operator": "eq"}, {"name": "Microsoft Windows Vista Home Premium", "version": "64-bit edition SP1 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Datacenter Edition Itanium SP1 ", "operator": "eq"}, {"name": "Microsoft Windows Vista Home Basic", "version": "64-bit edition SP2 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2008 for x64-based Systems R2 ", "operator": "eq"}, {"name": "Microsoft Windows", "version": "7 for Itanium-based Systems ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Datacenter Edition ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 SP1 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2008 for x64-based Systems ", "operator": "eq"}, {"name": "Microsoft Windows Vista Ultimate", "version": "64-bit edition ", "operator": "eq"}, {"name": "Microsoft Windows Media Format Runtime", "version": "9.5 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Standard Edition SP1 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 x64 SP2 ", "operator": "eq"}, {"name": "Avaya Messaging Application Server MM", "version": "3.1 ", "operator": "eq"}, {"name": "Microsoft Windows Media Format Runtime", "version": "9 ", "operator": "eq"}, {"name": "Microsoft Windows Vista Business", "version": "64-bit edition SP1 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Datacenter x64 Edition ", "operator": "eq"}, {"name": "Microsoft Windows Vista Ultimate", "version": "64-bit edition SP1 ", "operator": "eq"}, {"name": "Microsoft Windows", "version": "2000 Professional ", "operator": "eq"}, {"name": "Avaya Messaging Application Server MM", "version": "2.0 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Enterprise Edition Itanium SP1 ", "operator": "eq"}, {"name": "Microsoft Windows", "version": "2000 Professional SP4 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2008 for Itanium-based Systems ", "operator": "eq"}, {"name": "Microsoft Windows Vista Enterprise", "version": "64-bit edition ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Itanium SP1 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Standard Edition SP2 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2008 Datacenter Edition SP2 ", "operator": "eq"}, {"name": "Microsoft Windows Vista Business", "version": "64-bit edition SP2 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2008 Datacenter Edition ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Enterprise x64 Edition ", "operator": "eq"}, {"name": "Microsoft Windows Vista Enterprise", "version": "64-bit edition SP1 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Enterprise Edition Itanium ", "operator": "eq"}, {"name": "Avaya Messaging Application Server", "version": "5 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2008 for 32-bit Systems SP2 ", "operator": "eq"}, {"name": "Microsoft Windows", "version": "7 for x64-based Systems ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Standard Edition ", "operator": "eq"}, {"name": "Microsoft Windows Vista Home Premium", "version": "64-bit edition ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Enterprise Edition SP1 ", "operator": "eq"}, {"name": "Microsoft Windows Vista Enterprise", "version": "64-bit edition SP2 ", "operator": "eq"}, {"name": "Microsoft Windows XP", "version": "64-bit Edition ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Itanium SP2 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2008 for 32-bit Systems ", "operator": "eq"}, {"name": "Microsoft Windows Media Encoder", "version": "9 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2008 for x64-based Systems SP2 ", "operator": "eq"}, {"name": "Microsoft Windows", "version": "2000 Professional SP2 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Datacenter x64 Edition SP2 ", "operator": "eq"}, {"name": "Microsoft Windows Media Encoder", "version": "9 x64 ", "operator": "eq"}, {"name": "Microsoft Windows", "version": "2000 Professional SP1 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2008 Enterprise Edition SP2 ", "operator": "eq"}, {"name": "Microsoft Windows", "version": "2000 Professional SP3 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Datacenter Edition Itanium ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Datacenter Edition SP1 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Web Edition ", "operator": "eq"}, {"name": "Microsoft Windows Vista Home Basic", "version": "64-bit edition SP1 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Web Edition SP2 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 x64 SP1 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2008 for Itanium-based Systems SP2 ", "operator": "eq"}, {"name": "Microsoft Windows Vista Home Basic", "version": "64-bit edition ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Enterprise x64 Edition SP2 ", "operator": "eq"}, {"name": "Avaya Messaging Application Server", "version": "4 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Itanium ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Enterprise Edition ", "operator": "eq"}, {"name": "Microsoft Windows XP", "version": "64-bit Edition SP1 ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 Web Edition SP1 ", "operator": "eq"}, {"name": "Microsoft Windows Vista Business", "version": "64-bit edition ", "operator": "eq"}, {"name": "Microsoft Windows Server", "version": "2003 SP2 ", "operator": "eq"}], "cvelist": ["CVE-2010-1879"], "modified": "2010-06-08T00:00:00", "id": "SMNTC-40432", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/40432", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-02T21:09:50", "references": ["http://www.microsoft.com/technet/security/bulletin/ms10-033.mspx", "http://secunia.com/advisories/40058"], "pluginID": "900246", "description": "This host is missing a critical security update according to\n Microsoft Bulletin MS10-033.", "edition": 1, "reporter": "Copyright (C) 2010 SecPod", "published": "2010-06-09T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Microsoft Media Decompression Remote Code Execution Vulnerability (979902)", "type": "openvas", "naslFamily": "Windows : Microsoft Bulletins", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1879", "CVE-2010-1880"], "modified": "2017-04-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=900246", "id": "OPENVAS:900246", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms10-033.nasl 5934 2017-04-11 12:28:28Z antu123 $\n#\n# Microsoft Media Decompression Remote Code Execution Vulnerability (979902)\n#\n# Authors:\n# Veerendra GG <veerendragg@secpod.com>\n# \n# Updated By: Madhuri D <dmadhuri@secpod.com> on 2010-11-16\n# - To detect required file versions on vista, win 2008 and win 7\n#\n# Copyright (c) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_id(900246);\n script_version(\"$Revision: 5934 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-11 14:28:28 +0200 (Tue, 11 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-09 17:19:57 +0200 (Wed, 09 Jun 2010)\");\n script_bugtraq_id(40432, 40464);\n script_cve_id(\"CVE-2010-1879\", \"CVE-2010-1880\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Microsoft Media Decompression Remote Code Execution Vulnerability (979902)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/40058\");\n script_xref(name : \"URL\" , value : \"http://www.microsoft.com/technet/security/bulletin/ms10-033.mspx\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n script_tag(name : \"impact\" , value : \"Successful exploitation will allow remote attackers to execute arbitrary\n code.\n Impact Level: System\");\n script_tag(name : \"insight\" , value : \"An unspecified error exists while processing media files with a specially\n crafted compression data. An attacker can exploit this vulnerability by\n tricking a user to open a specially crafted media file.\");\n script_tag(name : \"summary\" , value : \"This host is missing a critical security update according to\n Microsoft Bulletin MS10-033.\");\n script_tag(name : \"solution\" , value : \"Run Windows Update and update the listed hotfixes or download and\n update mentioned hotfixes in the advisory from the below link,\n http://www.microsoft.com/technet/security/bulletin/ms10-033.mspx\");\n script_tag(name : \"affected\" , value : \"DirectX, Windows Media Encoder 9 and COM component on,\n Micorsoft Windows 7\n Microsoft Windows 2000 SP4\n Microsoft Windows XP Service Pack 3 and prior\n Microsoft Windows 2K3 Service Pack 2 and prior\n Microsoft Windows Vista Service Pack 1/2 and prior.\n Microsoft Windows Server 2008 Service Pack 1/2 and prior.\n\n Windows Media Format Runtime 9 on,\n Microsoft Windows 2000 SP4\n Microsoft Windows XP Service Pack 3 and prior\n\n Windows Media Format Runtime 9.5 on,\n Microsoft Windows XP Service Pack 3 and prior\n Microsoft Windows 2K3 Service Pack 2 and prior\n\n Windows Media Format Runtime 11 on,\n Microsoft Windows XP Service Pack 3 and prior\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n\n## OS with Hotfix Check\nif(hotfix_check_sp(win2k:5, xp:4, win2003:3, winVista:3, win7:1, win2008:3) <= 0){\n exit(0);\n}\n\n# MS10-033 Hotfix check\nif(hotfix_missing(name:\"975562\") == 0 || hotfix_missing(name:\"978695\") == 0 ||\n hotfix_missing(name:\"979332\") == 0 || hotfix_missing(name:\"979482\") == 0 ){\n exit(0);\n}\n\n## Windows Media Encoder 9 vulnerability\nwme9Installed = registry_key_exists(key:\"SOFTWARE\\Microsoft\\Windows\" +\n \"\\CurrentVersion\\Uninstall\\Windows Media Encoder 9\");\nif(wme9Installed)\n{\n wmekey = \"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\wmenc.exe\";\n wmeitem = \"Path\";\n wmePath = registry_get_sz(key:wmekey, item:wmeitem);\n\n dllVer = fetch_file_version(sysPath:wmePath, file_name:\"Wmenceng.dll\");\n if(dllVer)\n {\n ## Check Wmenceng.dll version < 9.0.0.3369\n if(version_in_range(version:dllVer, test_version:\"9.0\",\n test_version2:\"9.0.0.3368\")){\n security_message(0);\n exit(0);\n }\n }\n}\n\n## Get System32 Path\nsystem32Path = smb_get_system32root();\nif(!system32Path){\n exit(0);\n}\n\n## Windows 2000\nif(hotfix_check_sp(win2k:5) > 0)\n{\n\n ## Check for Asycfilt.dll COM component vulnerability\n dllVer = fetch_file_version(sysPath:system32Path, file_name:\"Asycfilt.dll\");\n if(dllVer)\n {\n ## Check Asycfilt.dll version < 2.40.4534.0\n if(version_is_less(version:dllVer, test_version:\"2.40.4534.0\")){\n security_message(0);\n exit(0);\n }\n }\n\n ## Check for DirectX vulnerability\n directXver = registry_get_sz(key:\"SOFTWARE\\Microsoft\\DirectX\",\n item:\"Version\");\n if(directXver =~ \"^4\\.09\")\n {\n dllVer = fetch_file_version(sysPath:system32Path, file_name:\"Quartz.dll\");\n if(dllVer)\n {\n ## Grep Quartz.dll version < 6.5.1.914\n if(version_in_range(version:dllVer, test_version:\"6.5\",\n test_version2:\"6.5.1.913\")){\n security_message(0);\n exit(0);\n }\n }\n }\n\n ## Check for Media Format Runtime vulnerability\n dllVer = fetch_file_version(sysPath:system32Path, file_name:\"Wmvcore.dll\");\n if(dllVer)\n {\n ## Check Asycfilt.dll version from 9.0 < 9.0.0.3369\n if(version_in_range(version:dllVer, test_version:\"9.0\",\n test_version2:\"9.0.0.3368\")){\n security_message(0);\n exit(0);\n }\n }\n}\n\n## Windows XP\nelse if(hotfix_check_sp(xp:4) > 0)\n{\n SP = get_kb_item(\"SMB/WinXP/ServicePack\");\n\n ## Check for Asycfilt.dll COM component vulnerability\n dllVer = fetch_file_version(sysPath:system32Path, file_name:\"Asycfilt.dll\");\n if(dllVer)\n {\n if(\"Service Pack 2\" >< SP)\n {\n ## Check Asycfilt.dll version < 5.1.2600.3680\n if(version_is_less(version:dllVer, test_version:\"5.1.2600.3680\")){\n security_message(0);\n exit(0);\n }\n }\n else if(\"Service Pack 3\" >< SP)\n {\n ## Check Asycfilt.dll version < 5.1.2600.5949\n if(version_is_less(version:dllVer, test_version:\"5.1.2600.5949\")){\n security_message(0);\n exit(0);\n }\n }\n }\n\n ## Check for DirectX vulnerability\n dllVer = fetch_file_version(sysPath:system32Path, file_name:\"Quartz.dll\");\n if(dllVer)\n {\n if(\"Service Pack 2\" >< SP)\n {\n ## Grep Quartz.dll version 6.5 < 6.5.2600.3665\n if(version_in_range(version:dllVer, test_version:\"6.5\",\n test_version2:\"6.5.2600.3664\")){\n security_message(0);\n exit(0);\n }\n }\n else if(\"Service Pack 3\" >< SP)\n {\n ## Grep Quartz.dll version 6.5 < 6.5.2600.5933\n if(version_in_range(version:dllVer, test_version:\"6.5\",\n test_version2:\"6.5.2600.5932\")){\n security_message(0);\n exit(0);\n }\n }\n }\n\n ## Check for Media Format Runtime vulnerability\n dllVer = fetch_file_version(sysPath:system32Path, file_name:\"Wmvcore.dll\");\n if(dllVer)\n {\n if(\"Service Pack 2\" >< SP)\n {\n ## Check Asycfilt.dll version from 9.0 < 9.0.0.3272 and 10.0 < 10.0.0.3706\n ## and 11.0 < 11.0.5721.5275\n if(version_in_range(version:dllVer, test_version:\"9.0\", test_version2:\"9.0.0.3271\")||\n version_in_range(version:dllVer, test_version:\"10.0\", test_version2:\"10.0.0.3705\")||\n version_in_range(version:dllVer, test_version:\"11.0\", test_version2:\"11.0.5721.5274\")){\n security_message(0);\n exit(0);\n }\n }\n else if(\"Service Pack 3\" >< SP)\n {\n ## Check Asycfilt.dll version from 9.0 < 9.0.0.4509 and 10.0 < 10.0.0.3706\n ## and 11.0 < 11.0.5721.5275\n if(version_in_range(version:dllVer, test_version:\"9.0\", test_version2:\"9.0.0.4508\")||\n version_in_range(version:dllVer, test_version:\"10.0\", test_version2:\"10.0.0.3705\")||\n version_in_range(version:dllVer, test_version:\"11.0\", test_version2:\"11.0.5721.5274\")){\n security_message(0);\n exit(0);\n }\n }\n }\n}\n\n## Windows 2003\nif(hotfix_check_sp(win2003:3) > 0)\n{\n SP = get_kb_item(\"SMB/Win2003/ServicePack\");\n if(\"Service Pack 2\" >< SP)\n {\n ## Check for Asycfilt.dll COM component vulnerability\n dllVer = fetch_file_version(sysPath:system32Path, file_name:\"Asycfilt.dll\");\n if(dllVer)\n {\n ## Check Asycfilt.dll version < 5.2.3790.4676\n if(version_is_less(version:dllVer, test_version:\"5.2.3790.4676\")){\n security_message(0);\n exit(0);\n }\n }\n\n ## Check for DirectX vulnerability\n directXver = registry_get_sz(key:\"SOFTWARE\\Microsoft\\DirectX\",\n item:\"Version\");\n if(directXver =~ \"^4\\.09\")\n {\n dllVer = fetch_file_version(sysPath:system32Path, file_name:\"Quartz.dll\");\n if(dllVer)\n {\n ## Grep Quartz.dll version 6.5 < 6.5.3790.4660\n if(version_in_range(version:dllVer, test_version:\"6.5\",\n test_version2:\"6.5.3790.4659\")){\n security_message(0);\n exit(0);\n }\n }\n }\n\n ## Check for Media Format Runtime vulnerability\n dllVer = fetch_file_version(sysPath:system32Path, file_name:\"Wmvcore.dll\");\n if(dllVer)\n {\n ## Check Asycfilt.dll version from 10.0 < 10.0.0.4007\n if(version_in_range(version:dllVer, test_version:\"10.0\",\n test_version2:\"10.0.0.4006\")){\n security_message(0);\n exit(0);\n }\n }\n }\n}\n\n## Get System32 Path\nsystem32Path = smb_get_system32root();\nif(!system32Path){\n exit(0);\n}\n\n## Windows vista\nif(hotfix_check_sp(winVista:3) > 0)\n{\n ## Check for Asycfilt.dll COM component vulnerability\n dllVer = fetch_file_version(sysPath:system32Path, file_name:\"Asycfilt.dll\");\n if(dllVer)\n {\n SP = get_kb_item(\"SMB/WinVista/ServicePack\");\n if(\"Service Pack 1\" >< SP)\n {\n ## Check Asycfilt.dll version \n if(version_is_less(version:dllVer, test_version:\"6.0.6001.18454\")){\n security_message(0);\n }\n exit(0);\n }\n \n if(\"Service Pack 2\" >< SP)\n {\n # Grep for Asycfilt.dll version\n if(version_in_range(version:dllVer, test_version:\"6.0.6002.18236\")){\n security_message(0);\n }\n exit(0);\n }\n security_message(0);\n }\n\n ## Check for DirectX vulnerability\n directXver = registry_get_sz(key:\"SOFTWARE\\Microsoft\\DirectX\",\n item:\"Version\");\n if(directXver =~ \"^4\\.09\")\n {\n dllVer = fetch_file_version(sysPath:system32Path, file_name:\"Quartz.dll\");\n if(dllVer)\n {\n ## Grep Quartz.dll version \n if(version_in_range(version:dllVer, test_version:\"6.6\", test_version2:\"6.6.6001.18461\")){\n security_message(0);\n }\n exit(0);\n }\n }\n}\n\n## Windows 2008 server\nif(hotfix_check_sp(win2008:3) > 0)\n{\n ## Check for Asycfilt.dll COM component vulnerability\n dllVer = fetch_file_version(sysPath:system32Path, file_name:\"Asycfilt.dll\");\n if(dllVer)\n {\n SP = get_kb_item(\"SMB/WinVista/ServicePack\");\n if(\"Service Pack 1\" >< SP)\n {\n ## Check Asycfilt.dll version \n if(version_is_less(version:dllVer, test_version:\"6.0.6001.18454\")){\n security_message(0);\n }\n exit(0);\n }\n\n if(\"Service Pack 2\" >< SP)\n {\n # Grep for Asycfilt.dll version\n if(version_in_range(version:dllVer, test_version:\"6.0.6002.18236\")){\n security_message(0);\n }\n exit(0);\n }\n security_message(0);\n }\n\n ## Check for DirectX vulnerability\n directXver = registry_get_sz(key:\"SOFTWARE\\Microsoft\\DirectX\",\n item:\"Version\");\n if(directXver =~ \"^4\\.09\")\n {\n dllVer = fetch_file_version(sysPath:system32Path, file_name:\"Quartz.dll\");\n if(dllVer)\n {\n ## Grep Quartz.dll version \n if(version_in_range(version:dllVer, test_version:\"6.6\", test_version2:\"6.6.6001.18460\")){\n security_message(0);\n }\n exit(0);\n }\n }\n}\n\n## Windows 7\nif(hotfix_check_sp(win7:1) > 0)\n{\n dllVer = fetch_file_version(sysPath:system32Path, file_name:\"Asycfilt.dll\");\n if(dllVer)\n {\n # Grep for Asycfilt.dll version \n if(version_in_range(version:dllVer, test_version:\"6.1.7600.16544\")){\n security_message(0);\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:05:40", "references": ["http://www.microsoft.com/technet/security/bulletin/ms10-033.mspx", "http://secunia.com/advisories/40058"], "pluginID": "1361412562310900246", "description": "This host is missing a critical security update according to\n Microsoft Bulletin MS10-033.", "edition": 5, "reporter": "Copyright (C) 2010 SecPod", "published": "2010-06-09T00:00:00", "title": "Microsoft Media Decompression Remote Code Execution Vulnerability (979902)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Windows : Microsoft Bulletins", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1879", "CVE-2010-1880"], "modified": "2018-02-08T00:00:00", "id": "OPENVAS:1361412562310900246", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900246", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms10-033.nasl 8724 2018-02-08 15:02:56Z cfischer $\n#\n# Microsoft Media Decompression Remote Code Execution Vulnerability (979902)\n#\n# Authors:\n# Veerendra GG <veerendragg@secpod.com>\n# \n# Updated By: Madhuri D <dmadhuri@secpod.com> on 2010-11-16\n# - To detect required file versions on vista, win 2008 and win 7\n#\n# Copyright (c) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900246\");\n script_version(\"$Revision: 8724 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-08 16:02:56 +0100 (Thu, 08 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-09 17:19:57 +0200 (Wed, 09 Jun 2010)\");\n script_bugtraq_id(40432, 40464);\n script_cve_id(\"CVE-2010-1879\", \"CVE-2010-1880\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Microsoft Media Decompression Remote Code Execution Vulnerability (979902)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/40058\");\n script_xref(name : \"URL\" , value : \"http://www.microsoft.com/technet/security/bulletin/ms10-033.mspx\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n script_tag(name : \"impact\" , value : \"Successful exploitation will allow remote attackers to execute arbitrary\n code.\n\n Impact Level: System\");\n script_tag(name : \"insight\" , value : \"An unspecified error exists while processing media files with a specially\n crafted compression data. An attacker can exploit this vulnerability by\n tricking a user to open a specially crafted media file.\");\n script_tag(name : \"summary\" , value : \"This host is missing a critical security update according to\n Microsoft Bulletin MS10-033.\");\n script_tag(name : \"solution\" , value : \"Run Windows Update and update the listed hotfixes or download and\n update mentioned hotfixes in the advisory from the below link,\n\n http://www.microsoft.com/technet/security/bulletin/ms10-033.mspx\");\n script_tag(name : \"affected\" , value : \"DirectX, Windows Media Encoder 9 and COM component on,\n\n Microsoft Windows 7\n\n Microsoft Windows 2000 SP4\n\n Microsoft Windows XP Service Pack 3 and prior\n\n Microsoft Windows 2K3 Service Pack 2 and prior\n\n Microsoft Windows Vista Service Pack 1/2 and prior.\n\n Microsoft Windows Server 2008 Service Pack 1/2 and prior.\n\n Windows Media Format Runtime 9 on,\n\n Microsoft Windows 2000 SP4\n\n Microsoft Windows XP Service Pack 3 and prior\n\n Windows Media Format Runtime 9.5 on,\n\n Microsoft Windows XP Service Pack 3 and prior\n\n Microsoft Windows 2K3 Service Pack 2 and prior\n\n Windows Media Format Runtime 11 on,\n\n Microsoft Windows XP Service Pack 3 and prior\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n\n## OS with Hotfix Check\nif(hotfix_check_sp(win2k:5, xp:4, win2003:3, winVista:3, win7:1, win2008:3) <= 0){\n exit(0);\n}\n\n# MS10-033 Hotfix check\nif(hotfix_missing(name:\"975562\") == 0 || hotfix_missing(name:\"978695\") == 0 ||\n hotfix_missing(name:\"979332\") == 0 || hotfix_missing(name:\"979482\") == 0 ){\n exit(0);\n}\n\n## Windows Media Encoder 9 vulnerability\nwme9Installed = registry_key_exists(key:\"SOFTWARE\\Microsoft\\Windows\" +\n \"\\CurrentVersion\\Uninstall\\Windows Media Encoder 9\");\nif(wme9Installed)\n{\n wmekey = \"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\wmenc.exe\";\n wmeitem = \"Path\";\n wmePath = registry_get_sz(key:wmekey, item:wmeitem);\n\n dllVer = fetch_file_version(sysPath:wmePath, file_name:\"Wmenceng.dll\");\n if(dllVer)\n {\n ## Check Wmenceng.dll version < 9.0.0.3369\n if(version_in_range(version:dllVer, test_version:\"9.0\",\n test_version2:\"9.0.0.3368\")){\n security_message(0);\n exit(0);\n }\n }\n}\n\n## Get System32 Path\nsystem32Path = smb_get_system32root();\nif(!system32Path){\n exit(0);\n}\n\n## Windows 2000\nif(hotfix_check_sp(win2k:5) > 0)\n{\n\n ## Check for Asycfilt.dll COM component vulnerability\n dllVer = fetch_file_version(sysPath:system32Path, file_name:\"Asycfilt.dll\");\n if(dllVer)\n {\n ## Check Asycfilt.dll version < 2.40.4534.0\n if(version_is_less(version:dllVer, test_version:\"2.40.4534.0\")){\n security_message(0);\n exit(0);\n }\n }\n\n ## Check for DirectX vulnerability\n directXver = registry_get_sz(key:\"SOFTWARE\\Microsoft\\DirectX\",\n item:\"Version\");\n if(directXver =~ \"^4\\.09\")\n {\n dllVer = fetch_file_version(sysPath:system32Path, file_name:\"Quartz.dll\");\n if(dllVer)\n {\n ## Grep Quartz.dll version < 6.5.1.914\n if(version_in_range(version:dllVer, test_version:\"6.5\",\n test_version2:\"6.5.1.913\")){\n security_message(0);\n exit(0);\n }\n }\n }\n\n ## Check for Media Format Runtime vulnerability\n dllVer = fetch_file_version(sysPath:system32Path, file_name:\"Wmvcore.dll\");\n if(dllVer)\n {\n ## Check Asycfilt.dll version from 9.0 < 9.0.0.3369\n if(version_in_range(version:dllVer, test_version:\"9.0\",\n test_version2:\"9.0.0.3368\")){\n security_message(0);\n exit(0);\n }\n }\n}\n\n## Windows XP\nelse if(hotfix_check_sp(xp:4) > 0)\n{\n SP = get_kb_item(\"SMB/WinXP/ServicePack\");\n\n ## Check for Asycfilt.dll COM component vulnerability\n dllVer = fetch_file_version(sysPath:system32Path, file_name:\"Asycfilt.dll\");\n if(dllVer)\n {\n if(\"Service Pack 2\" >< SP)\n {\n ## Check Asycfilt.dll version < 5.1.2600.3680\n if(version_is_less(version:dllVer, test_version:\"5.1.2600.3680\")){\n security_message(0);\n exit(0);\n }\n }\n else if(\"Service Pack 3\" >< SP)\n {\n ## Check Asycfilt.dll version < 5.1.2600.5949\n if(version_is_less(version:dllVer, test_version:\"5.1.2600.5949\")){\n security_message(0);\n exit(0);\n }\n }\n }\n\n ## Check for DirectX vulnerability\n dllVer = fetch_file_version(sysPath:system32Path, file_name:\"Quartz.dll\");\n if(dllVer)\n {\n if(\"Service Pack 2\" >< SP)\n {\n ## Grep Quartz.dll version 6.5 < 6.5.2600.3665\n if(version_in_range(version:dllVer, test_version:\"6.5\",\n test_version2:\"6.5.2600.3664\")){\n security_message(0);\n exit(0);\n }\n }\n else if(\"Service Pack 3\" >< SP)\n {\n ## Grep Quartz.dll version 6.5 < 6.5.2600.5933\n if(version_in_range(version:dllVer, test_version:\"6.5\",\n test_version2:\"6.5.2600.5932\")){\n security_message(0);\n exit(0);\n }\n }\n }\n\n ## Check for Media Format Runtime vulnerability\n dllVer = fetch_file_version(sysPath:system32Path, file_name:\"Wmvcore.dll\");\n if(dllVer)\n {\n if(\"Service Pack 2\" >< SP)\n {\n ## Check Asycfilt.dll version from 9.0 < 9.0.0.3272 and 10.0 < 10.0.0.3706\n ## and 11.0 < 11.0.5721.5275\n if(version_in_range(version:dllVer, test_version:\"9.0\", test_version2:\"9.0.0.3271\")||\n version_in_range(version:dllVer, test_version:\"10.0\", test_version2:\"10.0.0.3705\")||\n version_in_range(version:dllVer, test_version:\"11.0\", test_version2:\"11.0.5721.5274\")){\n security_message(0);\n exit(0);\n }\n }\n else if(\"Service Pack 3\" >< SP)\n {\n ## Check Asycfilt.dll version from 9.0 < 9.0.0.4509 and 10.0 < 10.0.0.3706\n ## and 11.0 < 11.0.5721.5275\n if(version_in_range(version:dllVer, test_version:\"9.0\", test_version2:\"9.0.0.4508\")||\n version_in_range(version:dllVer, test_version:\"10.0\", test_version2:\"10.0.0.3705\")||\n version_in_range(version:dllVer, test_version:\"11.0\", test_version2:\"11.0.5721.5274\")){\n security_message(0);\n exit(0);\n }\n }\n }\n}\n\n## Windows 2003\nif(hotfix_check_sp(win2003:3) > 0)\n{\n SP = get_kb_item(\"SMB/Win2003/ServicePack\");\n if(\"Service Pack 2\" >< SP)\n {\n ## Check for Asycfilt.dll COM component vulnerability\n dllVer = fetch_file_version(sysPath:system32Path, file_name:\"Asycfilt.dll\");\n if(dllVer)\n {\n ## Check Asycfilt.dll version < 5.2.3790.4676\n if(version_is_less(version:dllVer, test_version:\"5.2.3790.4676\")){\n security_message(0);\n exit(0);\n }\n }\n\n ## Check for DirectX vulnerability\n directXver = registry_get_sz(key:\"SOFTWARE\\Microsoft\\DirectX\",\n item:\"Version\");\n if(directXver =~ \"^4\\.09\")\n {\n dllVer = fetch_file_version(sysPath:system32Path, file_name:\"Quartz.dll\");\n if(dllVer)\n {\n ## Grep Quartz.dll version 6.5 < 6.5.3790.4660\n if(version_in_range(version:dllVer, test_version:\"6.5\",\n test_version2:\"6.5.3790.4659\")){\n security_message(0);\n exit(0);\n }\n }\n }\n\n ## Check for Media Format Runtime vulnerability\n dllVer = fetch_file_version(sysPath:system32Path, file_name:\"Wmvcore.dll\");\n if(dllVer)\n {\n ## Check Asycfilt.dll version from 10.0 < 10.0.0.4007\n if(version_in_range(version:dllVer, test_version:\"10.0\",\n test_version2:\"10.0.0.4006\")){\n security_message(0);\n exit(0);\n }\n }\n }\n}\n\n## Get System32 Path\nsystem32Path = smb_get_system32root();\nif(!system32Path){\n exit(0);\n}\n\n## Windows vista\nif(hotfix_check_sp(winVista:3) > 0)\n{\n ## Check for Asycfilt.dll COM component vulnerability\n dllVer = fetch_file_version(sysPath:system32Path, file_name:\"Asycfilt.dll\");\n if(dllVer)\n {\n SP = get_kb_item(\"SMB/WinVista/ServicePack\");\n if(\"Service Pack 1\" >< SP)\n {\n ## Check Asycfilt.dll version \n if(version_is_less(version:dllVer, test_version:\"6.0.6001.18454\")){\n security_message(0);\n }\n exit(0);\n }\n \n if(\"Service Pack 2\" >< SP)\n {\n # Grep for Asycfilt.dll version\n if(version_is_less(version:dllVer, test_version:\"6.0.6002.18236\")){\n security_message(0);\n }\n exit(0);\n }\n security_message(0);\n }\n\n ## Check for DirectX vulnerability\n directXver = registry_get_sz(key:\"SOFTWARE\\Microsoft\\DirectX\",\n item:\"Version\");\n if(directXver =~ \"^4\\.09\")\n {\n dllVer = fetch_file_version(sysPath:system32Path, file_name:\"Quartz.dll\");\n if(dllVer)\n {\n ## Grep Quartz.dll version \n if(version_in_range(version:dllVer, test_version:\"6.6\", test_version2:\"6.6.6001.18461\")){\n security_message(0);\n }\n exit(0);\n }\n }\n}\n\n## Windows 2008 server\nif(hotfix_check_sp(win2008:3) > 0)\n{\n ## Check for Asycfilt.dll COM component vulnerability\n dllVer = fetch_file_version(sysPath:system32Path, file_name:\"Asycfilt.dll\");\n if(dllVer)\n {\n SP = get_kb_item(\"SMB/WinVista/ServicePack\");\n if(\"Service Pack 1\" >< SP)\n {\n ## Check Asycfilt.dll version \n if(version_is_less(version:dllVer, test_version:\"6.0.6001.18454\")){\n security_message(0);\n }\n exit(0);\n }\n\n if(\"Service Pack 2\" >< SP)\n {\n # Grep for Asycfilt.dll version\n if(version_is_less(version:dllVer, test_version:\"6.0.6002.18236\")){\n security_message(0);\n }\n exit(0);\n }\n security_message(0);\n }\n\n ## Check for DirectX vulnerability\n directXver = registry_get_sz(key:\"SOFTWARE\\Microsoft\\DirectX\",\n item:\"Version\");\n if(directXver =~ \"^4\\.09\")\n {\n dllVer = fetch_file_version(sysPath:system32Path, file_name:\"Quartz.dll\");\n if(dllVer)\n {\n ## Grep Quartz.dll version \n if(version_in_range(version:dllVer, test_version:\"6.6\", test_version2:\"6.6.6001.18460\")){\n security_message(0);\n }\n exit(0);\n }\n }\n}\n\n## Windows 7\nif(hotfix_check_sp(win7:1) > 0)\n{\n dllVer = fetch_file_version(sysPath:system32Path, file_name:\"Asycfilt.dll\");\n if(dllVer)\n {\n # Grep for Asycfilt.dll version \n if(version_is_less(version:dllVer, test_version:\"6.1.7600.16544\")){\n security_message(0);\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:35", "references": [], "description": "Microsoft Security Bulletin MS10-033 - Critical\r\nVulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)\r\nPublished: June 08, 2010\r\n\r\nVersion: 1.0\r\nGeneral Information\r\nExecutive Summary\r\n\r\nThis security update resolves two privately reported vulnerabilities in Microsoft Windows. These vulnerabilities could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\r\n\r\nThis security update is rated Critical for Quartz.dll (DirectShow) on Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008; Critical for Windows Media Format Runtime on Microsoft Windows 2000, Windows XP, and Windows Server 2003; Critical for Asycfilt.dll (COM component) on Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2; and Important for Windows Media Encoder 9 x86 and x64 on Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.\r\n\r\nThe security update addresses the vulnerabilities by modifying the way that Windows parses media files. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.\r\n\r\nRecommendation. The majority of customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.\r\n\r\nFor administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.\r\n\r\nSee also the section, Detection and Deployment Tools and Guidance, later in this bulletin.\r\n\r\nKnown Issues. None\r\nTop of sectionTop of section\r\nAffected and Non-Affected Software\r\n\r\nThe following software have been tested to determine which versions or editions are affected. Other versions or editions are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, visit Microsoft Support Lifecycle.\r\n\r\nAffected Software\r\nOperating System\tComponent\tMaximum Security Impact\tAggregate Severity Rating\tBulletins Replaced by this Update\r\nMicrosoft Windows 2000\t \t \t \t \r\n\r\nMicrosoft Windows 2000 Service Pack 4\r\n\t\r\n\r\nQuartz.dll (DirectShow) (DirectX 9)[1]\r\n(KB975562)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS09-028\r\n\r\nMicrosoft Windows 2000 Service Pack 4\r\n\t\r\n\r\nWindows Media Format Runtime 9[2]\r\n(KB978695)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nNone\r\n\r\nMicrosoft Windows 2000 Service Pack 4\r\n\t\r\n\r\nWindows Media Encoder 9 x86\r\n(KB979332)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nNone\r\n\r\nMicrosoft Windows 2000 Service Pack 4\r\n\t\r\n\r\nAsycfilt.dll (COM component)\r\n(KB979482)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nNone\r\nWindows XP\t \t \t \t \r\n\r\nWindows XP Service Pack 2 and Windows XP Service Pack 3\r\n\t\r\n\r\nQuartz.dll (DirectShow)\r\n(KB975562)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS09-028\r\n\r\nWindows XP Service Pack 2\r\n\t\r\n\r\nWindows Media Format Runtime 9, Windows Media Format Runtime 9.5 and Windows Media Format Runtime 11\r\n(KB978695)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS09-047\r\n\r\nWindows XP Service Pack 3\r\n\t\r\n\r\nWindows Media Format Runtime 9, Windows Media Format Runtime 9.5 and Windows Media Format Runtime 11\r\n(KB978695)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS09-047\r\n\r\nWindows XP Service Pack 2 and Windows XP Service Pack 3\r\n\t\r\n\r\nWindows Media Encoder 9 x86\r\n(KB979332)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nNone\r\n\r\nWindows XP Service Pack 2 and Windows XP Service Pack 3\r\n\t\r\n\r\nAsycfilt.dll (COM component)\r\n(KB979482)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nNone\r\n\r\nWindows XP Professional x64 Edition Service Pack 2\r\n\t\r\n\r\nQuartz.dll (DirectShow)\r\n(KB975562)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS09-028\r\n\r\nWindows XP Professional x64 Edition Service Pack 2\r\n\t\r\n\r\nWindows Media Format Runtime 9.5\r\n(KB978695)\r\n\r\nWindows Media Format Runtime 9.5 x64 Edition[3]\r\n(KB978695)\r\n\r\nWindows Media Format Runtime 11\r\n(KB978695)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS09-047\r\n\r\nWindows XP Professional x64 Edition Service Pack 2\r\n\t\r\n\r\nWindows Media Encoder 9 x86\r\n(KB979332)\r\n\r\nWindows Media Encoder 9 x64\r\n(KB979332)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nNone\r\n\r\nWindows XP Professional x64 Edition Service Pack 2\r\n\t\r\n\r\nAsycfilt.dll (COM component)\r\n(KB979482)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nNone\r\nWindows Server 2003\t \t \t \t \r\n\r\nWindows Server 2003 Service Pack 2\r\n\t\r\n\r\nQuartz.dll (DirectShow)\r\n(KB975562)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS09-028\r\n\r\nWindows Server 2003 Service Pack 2\r\n\t\r\n\r\nWindows Media Format Runtime 9.5\r\n(KB978695)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS09-047\r\n\r\nWindows Server 2003 Service Pack 2\r\n\t\r\n\r\nWindows Media Encoder 9 x86\r\n(KB979332)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nNone\r\n\r\nWindows Server 2003 Service Pack 2\r\n\t\r\n\r\nAsycfilt.dll (COM component)\r\n(KB979482)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nNone\r\n\r\nWindows Server 2003 x64 Edition Service Pack 2\r\n\t\r\n\r\nQuartz.dll (DirectShow)\r\n(KB975562)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS09-028\r\n\r\nWindows Server 2003 x64 Edition Service Pack 2\r\n\t\r\n\r\nWindows Media Format Runtime 9.5\r\n(KB978695)\r\n\r\nWindows Media Format Runtime 9.5 x64 Edition[3]\r\n(KB978695)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS09-047\r\n\r\nWindows Server 2003 x64 Edition Service Pack 2\r\n\t\r\n\r\nWindows Media Encoder 9 x86\r\n(KB979332)\r\n\r\nWindows Media Encoder 9 x64\r\n(KB979332)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nNone\r\n\r\nWindows Server 2003 x64 Edition Service Pack 2\r\n\t\r\n\r\nAsycfilt.dll (COM component)\r\n(KB979482)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nNone\r\n\r\nWindows Server 2003 with SP2 for Itanium-based Systems\r\n\t\r\n\r\nQuartz.dll (DirectShow)\r\n(KB975562)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS09-028\r\n\r\nWindows Server 2003 with SP2 for Itanium-based Systems\r\n\t\r\n\r\nAsycfilt.dll (COM component)\r\n(KB979482)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nNone\r\nWindows Vista\t \t \t \t \r\n\r\nWindows Vista Service Pack 1\r\n\t\r\n\r\nQuartz.dll (DirectShow)\r\n(KB975562)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS08-033\r\n\r\nWindows Vista Service Pack 1 and Windows Vista Service Pack 2\r\n\t\r\n\r\nAsycfilt.dll (COM component)\r\n(KB979482)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nNone\r\n\r\nWindows Vista Service Pack 1 and Windows Vista Service Pack 2\r\n\t\r\n\r\nWindows Media Encoder 9 x86\r\n(KB979332)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nNone\r\n\r\nWindows Vista x64 Edition Service Pack 1\r\n\t\r\n\r\nQuartz.dll (DirectShow)\r\n(KB975562)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS08-033\r\n\r\nWindows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2\r\n\t\r\n\r\nAsycfilt.dll (COM component)\r\n(KB979482)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nNone\r\n\r\nWindows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2\r\n\t\r\n\r\nWindows Media Encoder 9 x86\r\n(KB979332)\r\n\r\nWindows Media Encoder 9 x64\r\n(KB979332)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nNone\r\nWindows Server 2008\t \t \t \t \r\n\r\nWindows Server 2008 for 32-bit Systems\r\n\t\r\n\r\nQuartz.dll (DirectShow)**\r\n(KB975562)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS08-033\r\n\r\nWindows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2\r\n\t\r\n\r\nAsycfilt.dll (COM component)*\r\n(KB979482)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nNone\r\n\r\nWindows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2\r\n\t\r\n\r\nWindows Media Encoder 9 x86**\r\n(KB979332)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nNone\r\n\r\nWindows Server 2008 for x64-based Systems\r\n\t\r\n\r\nQuartz.dll (DirectShow)**\r\n(KB975562)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS08-033\r\n\r\nWindows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2\r\n\t\r\n\r\nAsycfilt.dll (COM component)*\r\n(KB979482)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nNone\r\n\r\nWindows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2\r\n\t\r\n\r\nWindows Media Encoder 9 x86**\r\n(KB979332)\r\n\r\nWindows Media Encoder 9 x64**\r\n(KB979332)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nNone\r\n\r\nWindows Server 2008 for Itanium-based Systems\r\n\t\r\n\r\nQuartz.dll (DirectShow)\r\n(KB975562)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS08-033\r\n\r\nWindows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2\r\n\t\r\n\r\nAsycfilt.dll (COM component)\r\n(KB979482)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nNone\r\nWindows 7\t \t \t \t \r\n\r\nWindows 7 for 32-bit Systems\r\n\t\r\n\r\nAsycfilt.dll (COM component)\r\n(KB979482)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nNone\r\n\r\nWindows 7 for x64-based Systems\r\n\t\r\n\r\nAsycfilt.dll (COM component)\r\n(KB979482)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nNone\r\nWindows Server 2008 R2\t \t \t \t \r\n\r\nWindows Server 2008 R2 for x64-based Systems\r\n\t\r\n\r\nAsycfilt.dll (COM component)*\r\n(KB979482)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nNone\r\n\r\nWindows Server 2008 R2 for Itanium-based Systems\r\n\t\r\n\r\nAsycfilt.dll (COM component)\r\n(KB979482)\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nNone\r\n\r\n*Server Core installation affected. This update applies, with the same severity rating, to supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, whether or not installed using the Server Core installation option. For more information on this installation option, see the MSDN articles, Server Core and Server Core for Windows Server 2008 R2. Note that the Server Core installation option does not apply to certain editions of Windows Server 2008 and Windows Server 2008 R2; see Compare Server Core Installation Options.\r\n\r\n**Server Core installation not affected. The vulnerabilities addressed by this update do not affect supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, when installed using the Server Core installation option. For more information on this installation option, see the MSDN articles, Server Core and Server Core for Windows Server 2008 R2. Note that the Server Core installation option does not apply to certain editions of Windows Server 2008 and Windows Server 2008 R2; see Compare Server Core Installation Options.\r\n\r\n[1]The update for Quartz.dll (Direct Show) (DirectX 9) also applies to DirectX 9.0a, DirectX 9.0b, and DirectX 9.0c.\r\n\r\n[2]There are two versions of the Windows Media Format Runtime for Microsoft Windows 2000. This update applies only to the supported Loki (L) version. Customers who have the Non-Loki (NL) version should upgrade to the supported Loki version of Windows Media Format Runtime. For more information, see Microsoft Knowledge Base Article 974316.\r\n\r\n[3]If you have installed Windows Media Format Runtime 9.5 x64 Edition out-of-band, you must apply the Windows Media Format Runtime 9.5 and Windows Media Format Runtime 9.5 x64 Edition security updates in order to be fully protected from the vulnerability discussed in this bulletin.\r\n\r\nNon-Affected Software\r\nOperating System\tComponent\r\n\r\nMicrosoft Windows Server 2000 Service Pack 4\r\n\t\r\n\r\nDirectX 7\r\n\r\nAll supported editions\r\n\t\r\n\r\nMicrosoft Expression Encoder 3\r\nTop of sectionTop of section\r\n\t\r\nFrequently Asked Questions (FAQ) Related to This Security Update\r\n\r\nHow do I determine which version of DirectX is installed on my system? \r\nFor information regarding the determination of which version of DirectX is on your system, see Microsoft Knowledge Base Article 157730.\r\n\r\nNote You may not need to determine which version of DirectX is installed on your system; rather, you should apply the updates that apply to your version of Microsoft Windows.\r\n\r\nI have Windows 7; do I need to update Windows Media Encoder? \r\nThis update for Windows Media Encoder 9 (KB979332) was designed for Windows Vista and earlier operating systems. Microsoft does not support Windows Media Encoder 9 on Windows 7. If you wish to continue using encoding functionality, you should plan to migrate to the free replacement product, Microsoft Expression Encoder 3 Standard.\r\n\r\nWhere are the file information details? \r\nRefer to the reference tables in the Security Update Deployment section for the location of the file information details.\r\n\r\nWhy does this update address several reported security vulnerabilities? \r\nThis update contains support for several vulnerabilities because the modifications that are required to address these issues are located in related files. Instead of having to install several updates that are almost the same, customers need to install this update only.\r\n\r\nI am using an older release of the software discussed in this security bulletin. What should I do? \r\nThe affected software listed in this bulletin have been tested to determine which releases are affected. Other releases are past their support life cycle. For more information about the product lifecycle, visit the Microsoft Support Lifecycle Web site.\r\n\r\nIt should be a priority for customers who have older releases of the software to migrate to supported releases to prevent potential exposure to vulnerabilities. To determine the support lifecycle for your software release, see Select a Product for Lifecycle Information. For more information about service packs for these software releases, see Lifecycle Supported Service Packs.\r\n\r\nCustomers who require custom support for older software must contact their Microsoft account team representative, their Technical Account Manager, or the appropriate Microsoft partner representative for custom support options. Customers without an Alliance, Premier, or Authorized Contract can contact their local Microsoft sales office. For contact information, visit the Microsoft Worldwide Information Web site, select the country in the Contact Information list, and then click Go to see a list of telephone numbers. When you call, ask to speak with the local Premier Support sales manager. For more information, see the Microsoft Support Lifecycle Policy FAQ.\r\nTop of sectionTop of section\r\nVulnerability Information\r\n\t\r\nSeverity Ratings and Vulnerability Identifiers\r\n\r\nThe following severity ratings assume the potential maximum impact of the vulnerability. For information regarding the likelihood, within 30 days of this security bulletin's release, of the exploitability of the vulnerability in relation to its severity rating and security impact, please see the Exploitability Index in the June bulletin summary. For more information, see Microsoft Exploitability Index.\r\nVulnerability Severity Rating and Maximum Security Impact by Affected Software\r\nAffected Software\tMedia Decompression Vulnerability - CVE- CVE-2010-1879\tMJPEG Media Decompression Vulnerability \u2013 CVE-2010-1880\tAggregate Severity Rating\r\nQuartz.dll (DirectShow) \t \t \t \r\n\r\nQuartz.dll (DirectShow) (DirectX 9) when installed on Microsoft Windows 2000 Service Pack 4\r\n\t\r\n\r\nCritical \r\nRemote Code Execution\r\n\t\r\n\r\nCritical \r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nQuartz.dll (DirectShow) on Windows XP Service Pack 2 and Windows XP Service Pack 3\r\n\t\r\n\r\nCritical \r\nRemote Code Execution\r\n\t\r\n\r\nCritical \r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nQuartz.dll (DirectShow) on Windows XP Professional x64 Edition Service Pack 2\r\n\t\r\n\r\nCritical \r\nRemote Code Execution\r\n\t\r\n\r\nCritical \r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nQuartz.dll (DirectShow) on Windows Server 2003 Service Pack 2\r\n\t\r\n\r\nCritical \r\nRemote Code Execution\r\n\t\r\n\r\nCritical \r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nQuartz.dll (DirectShow) on Windows Server 2003 x64 Edition Service Pack 2\r\n\t\r\n\r\nCritical \r\nRemote Code Execution\r\n\t\r\n\r\nCritical \r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nQuartz.dll (DirectShow) on Windows Vista Service Pack 1\r\n\t\r\n\r\nCritical \r\nRemote Code Execution\r\n\t\r\n\r\nCritical \r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nQuartz.dll (DirectShow) on Windows Vista x64 Edition Service Pack 1\r\n\t\r\n\r\nCritical \r\nRemote Code Execution\r\n\t\r\n\r\nCritical \r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nQuartz.dll (DirectShow) on Windows Server 2008 for 32-bit Systems**\r\n\t\r\n\r\nCritical \r\nRemote Code Execution\r\n\t\r\n\r\nCritical \r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nQuartz.dll (DirectShow) on Windows Server 2008 for x64-based Systems**\r\n\t\r\n\r\nCritical \r\nRemote Code Execution\r\n\t\r\n\r\nCritical \r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nQuartz.dll (DirectShow) on Windows Server 2008 for Itanium-based Systems\r\n\t\r\n\r\nCritical \r\nRemote Code Execution\r\n\t\r\n\r\nCritical \r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\nWindows Media Format Runtime\t \t \t \r\n\r\nWindows Media Format Runtime 9 on Microsoft Windows 2000 Service Pack 4\r\n\t\r\n\r\nCritical\r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nCritical\r\n\r\nWindows Media Format Runtime 9, Windows Media Format Runtime 9.5 and Windows Media Format Runtime 11 on Windows XP Service Pack 2 and Windows XP Service Pack 3\r\n\t\r\n\r\nCritical\r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nCritical\r\n\r\nWindows Media Format Runtime 9.5, Windows Media Format Runtime 9.5 x64 Edition and Windows Media Format Runtime 11 when installed on Windows XP Professional x64 Edition Service Pack 2\r\n\t\r\n\r\nCritical\r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nCritical\r\n\r\nWindows Media Format Runtime 9.5 when installed on Windows Server 2003 Service Pack 2\r\n\t\r\n\r\nCritical\r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nCritical\r\n\r\nWindows Media Format Runtime 9.5 and Windows Media Format Runtime 9.5 x64 Edition when installed on Windows Server 2003 x64 Edition Service Pack 2\r\n\t\r\n\r\nCritical\r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nCritical\r\nWindows Media Encoder 9\t \t \t \r\n\r\nWindows Media Encoder 9 x86 when installed on Microsoft Windows 2000 Service Pack 4\r\n\t\r\n\r\nImportant\r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nImportant\r\n\r\nWindows Media Encoder 9 x86 when installed on Windows XP Service Pack 2 and Windows XP Service Pack 3\r\n\t\r\n\r\nImportant\r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nImportant\r\n\r\nWindows Media Encoder 9 x86 when installed on Windows XP Professional x64 Edition Service Pack 2\r\n\t\r\n\r\nImportant\r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nImportant\r\n\r\nWindows Media Encoder 9 x64 when installed on Windows XP Professional x64 Edition Service Pack 2\r\n\t\r\n\r\nImportant\r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nImportant\r\n\r\nWindows Media Encoder 9 x86 when installed on Windows Server 2003 Service Pack 2\r\n\t\r\n\r\nImportant\r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nImportant\r\n\r\nWindows Media Encoder 9 x64 when installed on Windows Server 2003 Service Pack 2\r\n\t\r\n\r\nImportant\r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nImportant\r\n\r\nWindows Media Encoder 9 x64 when installed on Windows Server 2003 x64 Edition Service Pack 2\r\n\t\r\n\r\nImportant\r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nImportant\r\n\r\nWindows Media Encoder 9 x86 when installed on Windows Vista Service Pack 1 and Windows Vista Service Pack 2\r\n\t\r\n\r\nImportant\r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nImportant\r\n\r\nWindows Media Encoder 9 x86 when installed on Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2\r\n\t\r\n\r\nImportant\r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nImportant\r\n\r\nWindows Media Encoder 9 x64 when installed on Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2\r\n\t\r\n\r\nImportant\r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nImportant\r\n\r\nWindows Media Encoder 9 x86 when installed on Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 **\r\n\t\r\n\r\nImportant\r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nImportant\r\n\r\nWindows Media Encoder 9 x86 when installed on Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2**\r\n\t\r\n\r\nImportant\r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nImportant\r\n\r\nWindows Media Encoder 9 x64 when installed on Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2**\r\n\t\r\n\r\nImportant\r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nImportant\r\nAsycfilt.dll (COM component)\t \t \t \r\n\r\nAsycfilt.dll (COM component) on Microsoft Windows 2000 Service Pack 4\r\n\t\r\n\r\nCritical\r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nCritical\r\n\r\nAsycfilt.dll (COM component) on Windows XP Service Pack 2 and Windows XP Service Pack 3\r\n\t\r\n\r\nCritical\r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nCritical\r\n\r\nAsycfilt.dll (COM component) on Windows XP Professional x64 Edition Service Pack 2\r\n\t\r\n\r\nCritical\r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nCritical\r\n\r\nAsycfilt.dll (COM component) on Windows Server 2003 Service Pack 2\r\n\t\r\n\r\nCritical\r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nCritical\r\n\r\nAsycfilt.dll (COM component) on Windows Server 2003 x64 Edition Service Pack 2\r\n\t\r\n\r\nCritical\r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nCritical\r\n\r\nAsycfilt.dll (COM component) on Windows Server 2003 with SP2 for Itanium-based Systems\r\n\t\r\n\r\nCritical\r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nCritical\r\n\r\nAsycfilt.dll (COM component) on Windows Vista Service Pack 1\r\n\t\r\n\r\nCritical\r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nCritical\r\n\r\nAsycfilt.dll (COM component) on Windows Vista x64 Edition Service Pack 1\r\n\t\r\n\r\nCritical\r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nCritical\r\n\r\nAsycfilt.dll (COM component) on Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*\r\n\t\r\n\r\nCritical\r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nCritical\r\n\r\nAsycfilt.dll (COM component) on Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2*\r\n\t\r\n\r\nCritical\r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nCritical\r\n\r\nAsycfilt.dll (COM component) on Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2\r\n\t\r\n\r\nCritical\r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nCritical\r\n\r\nAsycfilt.dll (COM component) on Windows 7 for 32-bit Systems\r\n\t\r\n\r\nCritical\r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nCritical\r\n\r\nAsycfilt.dll (COM component) on Windows 7 for x64-based Systems\r\n\t\r\n\r\nCritical\r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nCritical\r\n\r\nAsycfilt.dll (COM component) on Windows Server 2008 R2 for x64-based Systems*\r\n\t\r\n\r\nCritical\r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nCritical\r\n\r\nAsycfilt.dll (COM component) on Windows Server 2008 R2 for Itanium-based Systems\r\n\t\r\n\r\nCritical\r\nRemote Code Execution\r\n\t\r\n\r\nNot applicable\r\n\t\r\n\r\nCritical\r\n\r\n*Server Core installation affected. This update applies, with the same severity rating, to supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, whether or not installed using the Server Core installation option. For more information on this installation option, see the MSDN articles, Server Core and Server Core for Windows Server 2008 R2. Note that the Server Core installation option does not apply to certain editions of Windows Server 2008 and Windows Server 2008 R2; see Compare Server Core Installation Options.\r\n\r\n**Server Core installation not affected. The vulnerabilities addressed by this update do not affect supported editions of Windows Server 2008 and Windows Server 2008 R2 when installed using the Server Core installation option. For more information on this installation option, see the MSDN articles, Server Core and Server Core for Windows Server 2008 R2. Note that the Server Core installation option does not apply to certain editions of Windows Server 2008 and Windows Server 2008 R2; see Compare Server Core Installation Options.\r\nTop of sectionTop of section\r\n\t\r\nMedia Decompression Vulnerability - CVE-2010-1879\r\n\r\nA remote code execution vulnerability exists in the way that Microsoft Windows handles media files. This vulnerability could allow remote code execution if a user opened a specially crafted media file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\r\n\r\nTo view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2010-1879.\r\n\t\r\nMitigating Factors for Media Decompression Vulnerability - CVE-2010-1879\r\n\r\nMitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation:\r\n\u2022\t\r\n\r\nAn attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\r\n\u2022\t\r\n\r\nIn a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker\u2019s Web site.\r\n\u2022\t\r\n\r\nThe vulnerability cannot be exploited automatically through e-mail. For an attack to be successful a user must open an attachment that is sent in an e-mail message.\r\nTop of sectionTop of section\r\n\t\r\nWorkarounds for Media Decompression Vulnerability - CVE-2010-1879\r\n\r\nWorkaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:\r\n\u2022\t\r\n\r\nDisable decoding of MJPEG content in Quartz.dll on Microsoft Windows 2000, Windows XP, and Windows Server 2003\r\n\r\n1.\r\n\t\r\n\r\nCreate a backup copy of the registry keys by using a managed deployment script that contains the following commands:\r\n\r\nregedit /e MJPEG_Decoder_Backup.reg HKEY_CLASSES_ROOT\CLSID\{301056D0-6DFF-11D2-9EEB-006008039E37}\r\n\r\n2.\r\n\t\r\n\r\nNext, save the following to a file with a .REG extension, such as Disable_MJPEG_Decoder.reg:\r\n\r\nWindows Registry Editor Version 5.00\r\n\r\n[-HKEY_CLASSES_ROOT\CLSID\{301056D0-6DFF-11D2-9EEB-006008039E37}]\r\n\r\n3.\r\n\t\r\n\r\nRun the above registry script on the target machine with the following command from an elevated command prompt:\r\n\r\nRegedit.exe /s Disable_MJPEG_Decoder.reg\r\n\r\nImpact of workaround: Disabling the decoding of MJPEG content will prevent playback.\r\n\r\nHow to undo the workaround. Run the above registry script on the target machine with the following command from an elevated command prompt:\r\n\r\nRegedit.exe /s Disable_MJPEG_Decoder.reg\r\n\r\n\u2022\t\r\n\r\nModify the Access Control List for Windows Media Format Runtime (wmvcore.dll)\r\n\r\nOn Windows XP (all editions), run the following command from a command prompt (requires administrative privileges):\r\n\r\nFor 32-bit Windows:\r\n\r\ncacls <PATH_AND_FILENAME> /E /P everyone:N\r\n\r\nFor 64-bit Windows:\r\n\r\ncacls <64BIT_PATH_AND_FILENAME> /E /P everyone:N\r\n\r\nNote Be sure to consider paths in 64-bit Windows such as %ProgramFiles(86)% and %windir%\SysWOW64.\r\n\r\nHow to undo the workaround. Run the following commands from a command prompt (requires administrative privileges).\r\n\r\nOn Windows XP (all editions):\r\n\r\nFor 32-bit Windows:\r\n\r\ncacls <PATH_AND_FILENAME> /E /R everyone\r\n\r\nFor 64-bit Windows:\r\n\r\ncacls <64BIT_PATH_AND_FILENAME> /E /R everyone\r\n\r\nNote Be sure to consider paths in 64-bit Windows such as %ProgramFiles(86)% and %windir%\SysWOW64.\r\nTop of sectionTop of section\r\n\t\r\nFAQ for Media Decompression Vulnerability - CVE-2010-1879\r\n\r\nWhat is the scope of the vulnerability? \r\nThis is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\r\n\r\nWhat causes the vulnerability? \r\nThe Windows components for processing media files do not properly handle specially crafted compression data.\r\n\r\nWhat is DirectX? \r\nMicrosoft DirectX is a feature of the Windows operating system. It is used for streaming media on Microsoft Windows operating systems to enable graphics and sound when playing games or watching video.\r\n\r\nWhat is DirectShow? \r\nDirectX consists of a set of low-level Application Programming Interfaces (APIs) used by Windows programs for multimedia support. Within DirectX, the DirectShow technology performs client-side audio and video sourcing, manipulation and rendering.\r\n\r\nMicrosoft DirectShow is used for streaming media on Microsoft Windows operating systems. DirectShow is used for high-quality capture and playback of multimedia streams. It automatically detects and uses video and audio acceleration hardware when available, but also supports systems without acceleration hardware. DirectShow is also integrated with other DirectX technologies. Some examples of applications that use DirectShow include DVD players, video editing applications, AVI to ASF converters, MP3 players, and digital video capture applications\r\n\r\nWhat might an attacker use the vulnerability to do? \r\nIf a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\r\n\r\nHow could an attacker exploit the vulnerability? \r\nExploitation of this vulnerability requires that a user open a specially crafted media file or receive specially crafted streaming content from a Web site or any application that delivers Web content.\r\n\r\nWhat systems are primarily at risk from the vulnerability? \r\nFor Direct Show, the vulnerability requires a user to open a specially crafted MJPEG video file.\r\n\r\nFor the Windows Media Format Runtime-based application, the vulnerability requires a user to open a specially crafted ASF file (having JPEG embedded) in any Windows Media Format Runtime-based application for any malicious action to occur.\r\n\r\nFor the Windows Media Encoder, the vulnerability requires a user to open a specially crafted JPEG file for encoding or open an already-created project file (.wma) with a specially crafted JPEG file embedded in it.\r\n\r\nFor the Asycfilt.dll (COM component), the vulnerability requires a user to open a specially crafted media file.\r\n\r\nAny systems where any of these components are used frequently, such as workstations or terminal servers, are at the most risk from this vulnerability.\r\n\r\nWhat does the update do? \r\nThe update removes the vulnerability by modifying the way that Windows parses media files.\r\n\r\nWhen this security bulletin was issued, had this vulnerability been publicly disclosed? \r\nNo. Microsoft received information about this vulnerability through responsible disclosure.\r\n\r\nWhen this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited? \r\nNo. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers when this security bulletin was originally issued.\r\nTop of sectionTop of section\r\nTop of sectionTop of section\r\n\t\r\nMJPEG Media Decompression Vulnerability - CVE-2010-1880\r\n\r\nA remote code execution vulnerability exists in the way that Microsoft Windows handles media files. This vulnerability could allow remote code execution if a user opened a specially crafted file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\r\n\r\nTo view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2010-1880.\r\n\t\r\nMitigating Factors for MJPEG Media Decompression Vulnerability - CVE-2010-1880\r\n\r\nMitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation:\r\n\u2022\t\r\n\r\nAn attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\r\n\u2022\t\r\n\r\nIn a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker\u2019s Web site.\r\n\u2022\t\r\n\r\nThe vulnerability could not be exploited automatically through e-mail. For an attack to be successful a user must open an attachment this is sent in an e-mail message.\r\nTop of sectionTop of section\r\n\t\r\nWorkarounds for MJPEG Media Decompression Vulnerability - CVE-2010-1880\r\n\r\nWorkaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:\r\n\u2022\t\r\n\r\nUpgrade Windows Media Encoder to Microsoft Expression Encoder 3\r\n\r\nMicrosoft Expression Encoder 3 is not affected by the vulnerabilities described in this bulletin. Expression Encoder is a professional encoding tool that offers enhancement, encoding, and publishing of rich video experiences with Microsoft Silverlight. Convert and compress multiple video formats to SMPTE standard VC-1 video or H.264 for mobile, Web, and HD video scenarios. For streamlined workflow, create branded templates with Expression Blend, and encode on the desktop or server to guarantee a consistent viewing experience on Windows, Mac, and devices. Download Microsoft Expression Encoder 3 Standard for Windows XP, Windows Vista, and Windows 7 here.\r\n\u2022\t\r\n\r\nDisable decoding of MJPEG content in Quartz.dll on Microsoft Windows 2000, Windows XP, Windows Server 2003, and Windows Server 2008\r\n\r\n1.\r\n\t\r\n\r\nCreate a backup copy of the registry keys by using a managed deployment script that contains the following commands:\r\n\r\nregedit /e MJPEG_Decoder_Backup.reg HKEY_CLASSES_ROOT\CLSID\{301056D0-6DFF-11D2-9EEB-006008039E37}\r\n\r\n2.\r\n\t\r\n\r\nNext, save the following to a file with a .REG extension, such as Disable_MJPEG_Decoder.reg:\r\n\r\nWindows Registry Editor Version 5.00\r\n\r\n[-HKEY_CLASSES_ROOT\CLSID\{301056D0-6DFF-11D2-9EEB-006008039E37}]\r\n\r\n3.\r\n\t\r\n\r\nRun the above registry script on the target machine with the following command from an elevated command prompt:\r\n\r\nRegedit.exe /s Disable_MJPEG_Decoder.reg\r\n\r\nImpact of workaround: Disabling decoding of MJPEG content will prevent playback.\r\n\r\nHow to undo the workaround.\r\n\r\nRun the above registry script on the target machine with the following command from an elevated command prompt:\r\n\r\nRegedit.exe /s Disable_MJPEG_Decoder.reg\r\n\r\nTop of sectionTop of section\r\n\t\r\nFAQ for MJPEG Media Decompression Vulnerability - CVE-2010-1880\r\n\r\nWhat is the scope of the vulnerability? \r\nThis is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\r\n\r\nWhat causes the vulnerability? \r\nThe Windows components for processing media files do not properly handle specially crafted compression data.\r\n\r\nWhat is DirectX? \r\nMicrosoft DirectX is a feature of the Windows operating system. It is used for streaming media on Microsoft Windows operating systems to enable graphics and sound when playing games or watching video.\r\n\r\nWhat is DirectShow? \r\nDirectX consists of a set of low-level Application Programming Interfaces (APIs) used by Windows programs for multimedia support. Within DirectX, the DirectShow technology performs client-side audio and video sourcing, manipulation and rendering.\r\n\r\nMicrosoft DirectShow is used for streaming media on Microsoft Windows operating systems. DirectShow is used for high-quality capture and playback of multimedia streams. It automatically detects and uses video and audio acceleration hardware when available, but also supports systems without acceleration hardware. DirectShow is also integrated with other DirectX technologies. Some examples of applications that use DirectShow include DVD players, video editing applications, AVI to ASF converters, MP3 players, and digital video capture applications\r\n\r\nWhat might an attacker use the vulnerability to do? \r\nIf a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\r\n\r\nHow could an attacker exploit the vulnerability? \r\nExploitation of this vulnerability requires that a user open a specially crafted media file or receive specially crafted streaming content from a Web site or any application that delivers Web content.\r\n\r\nWhat systems are primarily at risk from the vulnerability? \r\nThis vulnerability requires a user to open a specially crafted MJPEG video file for any malicious action to occur. Any systems where these files are used frequently, such as workstations or terminal servers, are at the most risk from this vulnerability.\r\n\r\nWhat does the update do? \r\nThe update removes the vulnerability by modifying the way that Windows parses media files.\r\n\r\nWhen this security bulletin was issued, had this vulnerability been publicly disclosed? \r\nNo. Microsoft received information about this vulnerability through responsible disclosure.\r\n\r\nWhen this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited? \r\nNo. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers when this security bulletin was originally issued.\r\n\r\nOther Information\r\nAcknowledgments\r\n\r\nMicrosoft thanks the following for working with us to help protect customers:\r\n\u2022\t\r\n\r\nYamata Li of Palo Alto Networks for reporting an issue described in (CVE-2010-1879)\r\n\u2022\t\r\n\r\nYamata Li of Palo Alto Networks for reporting an issue described in (CVE-2010-1880)\r\nTop of sectionTop of section\r\nMicrosoft Active Protections Program (MAPP)\r\n\r\nTo improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. To determine whether active protections are available from security software providers, please visit the active protections Web sites provided by program partners, listed in Microsoft Active Protections Program (MAPP) Partners.\r\nTop of sectionTop of section\r\nSupport\r\n\u2022\t\r\n\r\nCustomers in the U.S. and Canada can receive technical support from Security Support or 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. For more information about available support options, see Microsoft Help and Support.\r\n\u2022\t\r\n\r\nInternational customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.\r\n\r\nDisclaimer\r\n\r\nThe information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\r\n\r\nRevisions\r\n\u2022\t\r\n\r\nV1.0 (June 8, 2010): Bulletin published.", "edition": 1, "reporter": "Securityvulns", "published": "2010-06-08T00:00:00", "title": "Microsoft Security Bulletin MS10-033 - Critical Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:35", "vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2010-1879", "CVE-2010-1880"], "modified": "2010-06-08T00:00:00", "id": "SECURITYVULNS:DOC:24012", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24012", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T18:10:32", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "BUGTRAQ ID: 40464,40432\r\nCVE ID: CVE-2010-1879,CVE-2010-1880\r\n\r\nWindows\u662f\u5fae\u8f6f\u53d1\u5e03\u7684\u975e\u5e38\u6d41\u884c\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nWindows\u4e2d\u7684\u591a\u4e2a\u591a\u5a92\u4f53\u5904\u7406\u7ec4\u4ef6\u5728\u5904\u7406\u5a92\u4f53\u6587\u4ef6\u65f6\u6ca1\u6709\u6b63\u786e\u5730\u89e3\u6790\u5176\u4e2d\u7684\u538b\u7f29\u6570\u636e\uff0c\u5982\u679c\u7528\u6237\u6253\u5f00\u4e86\u7279\u5236\u7684\u5a92\u4f53\u6587\u4ef6\uff0c\u5c31\u53ef\u80fd\u5141\u8bb8\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002\u5982\u679c\u7528\u6237\u4ee5\u7ba1\u7406\u6743\u9650\u767b\u5f55\uff0c\u5219\u6210\u529f\u5229\u7528\u6b64\u6f0f\u6d1e\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u5b8c\u5168\u63a7\u5236\u53d7\u5f71\u54cd\u7684\u7cfb\u7edf\u3002\n\nMicrosoft DirectX 9.0\r\nMicrosoft Media Format Runtime 9.5 x64\r\nMicrosoft Media Format Runtime 9.5\r\nMicrosoft Media Format Runtime 9\r\nMicrosoft Media Format Runtime 11\r\nMicrosoft Media Encoder 9 x86\n\u4e34\u65f6\u89e3\u51b3\u65b9\u6cd5\uff1a\r\n\r\n\u5982\u679c\u60a8\u4e0d\u80fd\u7acb\u523b\u5b89\u88c5\u8865\u4e01\u6216\u8005\u5347\u7ea7\uff0cNSFOCUS\u5efa\u8bae\u60a8\u91c7\u53d6\u4ee5\u4e0b\u63aa\u65bd\u4ee5\u964d\u4f4e\u5a01\u80c1\uff1a\r\n\r\n* \u5728Microsoft Windows 2000\u3001Windows XP\u548cWindows Server 2003\u4e0a\u7981\u6b62\u5728Quartz.dll\u4e2d\u89e3\u7801MJPEG\u5185\u5bb9\u3002\r\n \r\n 1. \u4f7f\u7528\u5305\u542b\u6709\u4ee5\u4e0b\u547d\u4ee4\u7684\u7ba1\u7406\u90e8\u7f72\u811a\u672c\u521b\u5efa\u6ce8\u518c\u8868\u9879\u7684\u5907\u4efd\u62f7\u8d1d\uff1a\r\n regedit /e MJPEG_Decoder_Backup.reg HKEY_CLASSES_ROOT\\CLSID\\{301056D0-6DFF-11D2-9EEB-006008039E37}\r\n \r\n 2. \u4ee5.REG\u6269\u5c55\u540d\u4fdd\u5b58\u4ee5\u4e0b\u5185\u5bb9\uff0c\u5982Disable_MJPEG_Decoder.reg\uff1a\r\n\r\nWindows Registry Editor Version 5.00\r\n\r\n[-HKEY_CLASSES_ROOT\\CLSID\\{301056D0-6DFF-11D2-9EEB-006008039E37}]\r\n \r\n 3. \u5728\u76ee\u6807\u673a\u5668\u4e0a\u4ece\u63d0\u5347\u7684\u547d\u4ee4\u63d0\u793a\u7b26\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u8fd0\u884c\u4e0a\u8ff0\u6ce8\u518c\u8868\u811a\u672c\uff1a\r\n Regedit.exe /s Disable_MJPEG_Decoder.reg\r\n\r\n* \u4fee\u6539wmvcore.dll\u7684\u8bbf\u95ee\u63a7\u5236\u5217\u8868\uff1a\r\n \r\n \u5728Windows XP\u7684\u6240\u6709\u7248\u672c\u4e0a\uff0c\u4ece\u547d\u4ee4\u63d0\u793a\u7b26\u8fd0\u884c\u4ee5\u4e0b\u547d\u4ee4\uff08\u9700\u8981\u7ba1\u7406\u6743\u9650\uff09\uff1a\r\n \r\n 32\u4f4dWindows\uff1a\r\n cacls <PATH_AND_FILENAME> /E /P everyone:N\r\n\r\n 64\u4f4dWindows\uff1a\r\n cacls <64BIT_PATH_AND_FILENAME> /E /P everyone:N\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMicrosoft\r\n---------\r\nMicrosoft\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08MS10-033\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nMS10-033\uff1aVulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)\r\n\u94fe\u63a5\uff1ahttp://www.microsoft.com/technet/security/bulletin/MS10-033.mspx?pf=true", "reporter": "Root", "published": "2010-06-10T00:00:00", "type": "seebug", "title": "Windows\u5a92\u4f53\u89e3\u538b\u591a\u4e2a\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08MS10-033\uff09", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2010-1879", "CVE-2010-1880"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2010-06-10T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-19783", "id": "SSV:19783", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "status": "details"}], "nessus": [{"lastseen": "2018-09-01T23:33:47", "references": ["https://technet.microsoft.com/library/security/MS10-033"], "pluginID": "46840", "description": "The remote Windows host has multiple unspecified code execution vulnerabilities related to media decompression. A remote attacker could exploit this by tricking a user into opening a specially crafted media file, resulting in arbitrary code execution.", "edition": 6, "reporter": "Tenable", "published": "2010-06-09T00:00:00", "title": "MS10-033: Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Windows : Microsoft Bulletins", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1879", "CVE-2010-1880"], "modified": "2018-07-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS10-033.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=46840", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(46840);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2018/07/30 15:31:32\");\n\n script_cve_id(\"CVE-2010-1879\", \"CVE-2010-1880\");\n script_bugtraq_id(40432, 40464);\n script_xref(name:\"IAVA\", value:\"2010-A-0078\");\n script_xref(name:\"MSFT\", value:\"MS10-033\");\n script_xref(name:\"MSKB\", value:\"975562\");\n script_xref(name:\"MSKB\", value:\"978695\");\n script_xref(name:\"MSKB\", value:\"979332\");\n script_xref(name:\"MSKB\", value:\"979482\");\n\n script_name(english:\"MS10-033: Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)\");\n script_summary(english:\"Checks if multiple vulnerable apps are installed\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"Opening a specially crafted media file can result in arbitrary code\nexecution.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host has multiple unspecified code execution\nvulnerabilities related to media decompression. A remote attacker\ncould exploit this by tricking a user into opening a specially crafted\nmedia file, resulting in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://technet.microsoft.com/library/security/MS10-033\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for DirectX 9, Windows Media\nFormat Runtime, Windows Media Encoder, and Asycfilt.dll (COM\ncomponent).\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, 'Host/patch_management_checks');\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS10-033';\nkbs = make_list(\"975562\", \"978695\", \"979332\", \"979482\");\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win2k:'4,5', xp:'2,3', win2003:'2', vista:'1,2', win7:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Locate the Windows Media Encoder install.\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\nport = kb_smb_transport();\n\nif(! smb_session_init()) audit(AUDIT_FN_FAIL, \"smb_session_init\");\n\nhcf_init = TRUE;\n\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:\"IPC$\");\nif (rc != 1)\n{\n NetUseDel();\n audit(AUDIT_SHARE_FAIL, \"IPC$\");\n}\n\nhklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);\nif (isnull(hklm))\n{\n NetUseDel();\n audit(AUDIT_REG_FAIL);\n}\n\nwme_path = \"\";\nkey = \"Software\\Microsoft\\Windows Media\\Encoder\";\nitem = \"InstallDir\";\n\nkey_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);\nif (!isnull(key_h))\n{\n value = RegQueryValue(handle:key_h, item:item);\n if (!isnull(value)) wme_path = value[1];\n\n RegCloseKey(handle:key_h);\n}\nRegCloseKey(handle:hklm);\nNetUseDel(close:FALSE);\n\nrootfile = hotfix_get_systemroot();\nif (!rootfile) exit(1, \"Failed to get the system root.\");\n\nshare = hotfix_path2share(path:rootfile);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nvuln = FALSE;\n\n# - Asycfilt.dll (COM component)\nif (\n # Windows 7 and Windows Server 2008 R2\n hotfix_is_vulnerable(os:\"6.1\", file:\"Asycfilt.dll\", version:\"6.1.7600.20660\", min_version:\"6.1.7600.20000\", dir:\"\\system32\", bulletin:bulletin, kb:'979482') ||\n hotfix_is_vulnerable(os:\"6.1\", file:\"Asycfilt.dll\", version:\"6.1.7600.16544\", min_version:\"6.1.0.0\", dir:\"\\system32\", bulletin:bulletin, kb:'979482') ||\n\n # Vista / Windows 2008\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"Asycfilt.dll\", version:\"6.0.6002.22377\", min_version:\"6.0.6002.20000\", dir:\"\\system32\", bulletin:bulletin, kb:'979482') ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"Asycfilt.dll\", version:\"6.0.6002.18236\", min_version:\"6.0.0.0\", dir:\"\\system32\", bulletin:bulletin, kb:'979842') ||\n hotfix_is_vulnerable(os:\"6.0\", sp:1, file:\"Asycfilt.dll\", version:\"6.0.6001.22665\", min_version:\"6.0.6001.22000\", dir:\"\\system32\", bulletin:bulletin, kb:'979842') ||\n hotfix_is_vulnerable(os:\"6.0\", sp:1, file:\"Asycfilt.dll\", version:\"6.0.6001.18454\", min_version:\"6.0.0.0\", dir:\"\\system32\", bulletin:bulletin, kb:'979842') ||\n\n # Windows 2003 / XP x64\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"Asycfilt.dll\", version:\"5.2.3790.4676\", dir:\"\\system32\", bulletin:bulletin, kb:'979842') ||\n\n # Windows XP x86\n hotfix_is_vulnerable(os:\"5.1\", sp:3, arch:\"x86\", file:\"Asycfilt.dll\", version:\"5.1.2600.5949\", dir:\"\\system32\", bulletin:bulletin, kb:'979842') ||\n hotfix_is_vulnerable(os:\"5.1\", sp:2, arch:\"x86\", file:\"Asycfilt.dll\", version:\"5.1.2600.3680\", dir:\"\\system32\", bulletin:bulletin, kb:'979842') ||\n\n # Windows 2000\n hotfix_is_vulnerable(os:\"5.0\", file:\"Asycfilt.dll\", version:\"2.40.4534.0\", dir:\"\\system32\", bulletin:bulletin, kb:'979842')\n) vuln = TRUE;\n\n# - Quartz.dll (DirectShow)\nif (hotfix_check_server_core() == 0)\n{\n if (\n # Vista / Windows 2008\n hotfix_is_vulnerable(os:\"6.0\", file:\"Quartz.dll\", version:\"6.6.6001.22672\", min_version:\"6.6.6001.22000\", dir:\"\\System32\", bulletin:bulletin, kb:'975562') ||\n hotfix_is_vulnerable(os:\"6.0\", file:\"Quartz.dll\", version:\"6.6.6001.18461\", min_version:\"6.6.0.0\", dir:\"\\System32\", bulletin:bulletin, kb:'975562') ||\n\n # Windows 2003 / XP x64\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"Quartz.dll\", version:\"6.5.3790.4660\", dir:\"\\System32\", bulletin:bulletin, kb:'975562') ||\n\n # Windows XP x86\n hotfix_is_vulnerable(os:\"5.1\", sp:3, arch:\"x86\", file:\"Quartz.dll\", version:\"6.5.2600.5933\", min_version:\"6.5.0.0\", dir:\"\\system32\", bulletin:bulletin, kb:'975562') ||\n hotfix_is_vulnerable(os:\"5.1\", sp:2, arch:\"x86\", file:\"Quartz.dll\", version:\"6.5.2600.3665\", min_version:\"6.5.0.0\", dir:\"\\system32\", bulletin:bulletin, kb:'975562') ||\n\n # Windows 2000\n # - Quartz.dll (DirectShow)\n hotfix_is_vulnerable(os:\"5.0\", file:\"Quartz.dll\", version:\"6.5.1.914\", min_version:\"6.5.0.0\", dir:\"\\system32\", bulletin:bulletin, kb:'975562')\n ) vuln = TRUE;\n}\n\n# - Media Format Runtime 9, 9.5, and 11.\nif (\n # Windows 2003 / XP x64\n hotfix_is_vulnerable(os:\"5.2\", sp:2, arch:\"x86\", file:\"Wmvcore.dll\", version:\"10.0.0.4007\", min_version:\"10.0.0.0\", dir:\"\\system32\", bulletin:bulletin, kb:'978695') ||\n hotfix_is_vulnerable(os:\"5.2\", sp:2, arch:\"x64\", file:\"Wmvcore.dll\", version:\"10.0.0.3821\", min_version:\"10.0.0.0\", dir:\"\\SysWOW64\", bulletin:bulletin, kb:'978695') ||\n hotfix_is_vulnerable(os:\"5.2\", sp:2, arch:\"x64\", file:\"Wmvcore.dll\", version:\"10.0.0.4007\", min_version:\"10.0.0.4000\", dir:\"\\SysWOW64\", bulletin:bulletin, kb:'978695') ||\n hotfix_is_vulnerable(os:\"5.2\", sp:2, arch:\"x86\", file:\"Wmvcore.dll\", version:\"11.0.5721.5275\", min_version:\"11.0.0.0\", dir:\"\\system32\", bulletin:bulletin, kb:'978695') ||\n\n # Windows XP x86\n hotfix_is_vulnerable(os:\"5.1\", sp:2, arch:\"x86\", file:\"Wmvcore.dll\", version:\"9.0.0.3272\", min_version:\"9.0.0.0\", dir:\"\\system32\", bulletin:bulletin, kb:'978695') ||\n hotfix_is_vulnerable(os:\"5.1\", sp:2, arch:\"x86\", file:\"Wmvcore.dll\", version:\"9.0.0.3369\", min_version:\"9.0.0.3300\", dir:\"\\system32\", bulletin:bulletin, kb:'978695') ||\n hotfix_is_vulnerable(os:\"5.1\", sp:3, arch:\"x86\", file:\"Wmvcore.dll\", version:\"9.0.0.4509\", min_version:\"9.0.0.0\", dir:\"\\system32\", bulletin:bulletin, kb:'978695') ||\n hotfix_is_vulnerable(os:\"5.1\", sp:2, arch:\"x86\", file:\"Wmvcore.dll\", version:\"10.0.0.4374\", min_version:\"10.0.0.4300\", dir:\"\\system32\", bulletin:bulletin, kb:'978695') ||\n hotfix_is_vulnerable(os:\"5.1\", sp:3, arch:\"x86\", file:\"Wmvcore.dll\", version:\"10.0.0.4374\", min_version:\"10.0.0.4300\", dir:\"\\system32\", bulletin:bulletin, kb:'978695') ||\n hotfix_is_vulnerable(os:\"5.1\", sp:2, arch:\"x86\", file:\"Wmvcore.dll\", version:\"10.0.0.3706\", min_version:\"10.0.0.3700\", dir:\"\\system32\", bulletin:bulletin, kb:'978695') ||\n hotfix_is_vulnerable(os:\"5.1\", sp:3, arch:\"x86\", file:\"Wmvcore.dll\", version:\"10.0.0.3706\", min_version:\"10.0.0.3700\", dir:\"\\system32\", bulletin:bulletin, kb:'978695') ||\n hotfix_is_vulnerable(os:\"5.1\", sp:2, arch:\"x86\", file:\"Wmvcore.dll\", version:\"10.0.0.4078\", min_version:\"10.0.0.4000\", dir:\"\\system32\", bulletin:bulletin, kb:'978695') ||\n hotfix_is_vulnerable(os:\"5.1\", sp:3, arch:\"x86\", file:\"Wmvcore.dll\", version:\"10.0.0.4078\", min_version:\"10.0.0.4000\", dir:\"\\system32\", bulletin:bulletin, kb:'978695') ||\n hotfix_is_vulnerable(os:\"5.1\", sp:2, arch:\"x86\", file:\"Wmvcore.dll\", version:\"11.0.5721.5275\", min_version:\"11.0.0.0\", dir:\"\\system32\", bulletin:bulletin, kb:'978695') ||\n hotfix_is_vulnerable(os:\"5.1\", sp:3, arch:\"x86\", file:\"Wmvcore.dll\", version:\"11.0.5721.5275\", min_version:\"11.0.0.0\", dir:\"\\system32\", bulletin:bulletin, kb:'978695') ||\n\n # Windows 2000\n hotfix_is_vulnerable(os:\"5.0\", file:\"Wmvcore.dll\", version:\"9.0.0.3369\", dir:\"\\system32\", bulletin:bulletin, kb:'978695')\n) vuln = TRUE;\n\n# - Windows Media Encoder.\nif (wme_path && hotfix_check_server_core() == 0)\n{\n share = ereg_replace(pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\", string:wme_path);\n if (!is_accessible_share(share:share)) exit(1, \"Can't access '\"+share+\"' share.\");\n\n if (\n hotfix_check_fversion(file:\"Wmenceng.dll\", path:wme_path, version:\"10.0.0.3821\", min_version:\"10.0.0.0\", bulletin:bulletin, kb:'979332') == HCF_OLDER ||\n hotfix_check_fversion(file:\"Wmenceng.dll\", path:wme_path, version:\"9.0.0.3369\", min_version:\"9.0.0.0\", bulletin:bulletin, kb:'979332') == HCF_OLDER\n ) vuln = TRUE;\n}\n\n# Issue a report if we're vulnerable.\nif (vuln)\n{\n set_kb_item(name:\"SMB/Missing/MS10-033\", value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
