{"cve": [{"lastseen": "2021-02-02T05:45:00", "description": "Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka \"Movie Maker Memory Corruption Vulnerability.\"", "edition": 4, "cvss3": {}, "published": "2010-08-11T18:47:00", "title": "CVE-2010-2564", "type": "cve", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2564"], "modified": "2018-10-12T21:57:00", "cpe": ["cpe:/a:microsoft:windows_movie_maker:2.1", "cpe:/a:microsoft:windows_movie_maker:2.6", "cpe:/a:microsoft:windows_movie_maker:6.0"], "id": "CVE-2010-2564", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2564", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:windows_movie_maker:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:windows_movie_maker:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:windows_movie_maker:2.6:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2020-04-27T19:23:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2564"], "description": "This host is missing a critical security update according to\n Microsoft Bulletin MS10-050.", "modified": "2020-04-23T00:00:00", "published": "2010-08-11T00:00:00", "id": "OPENVAS:1361412562310900248", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900248", "type": "openvas", "title": "Microsoft Windows Movie Maker Could Allow Remote Code Execution Vulnerability (981997)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft Windows Movie Maker Could Allow Remote Code Execution Vulnerability (981997)\n#\n# Authors:\n# Veerendra GG <veerendragg@secpod.com>\n#\n# Updated By: Madhuri D <dmadhuri@secpod.com> on 2010-09-11\n# - To detect file version 'moviemk.exe' on vista\n#\n# Updated By: Sooraj KS <kssooraj@secpod.com> on 2011-07-18\n# - Updated Movie Maker path\n#\n# Copyright:\n# Copyright (C) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900248\");\n script_version(\"2020-04-23T12:22:09+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-23 12:22:09 +0000 (Thu, 23 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2010-08-11 15:08:29 +0200 (Wed, 11 Aug 2010)\");\n script_cve_id(\"CVE-2010-2564\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Microsoft Windows Movie Maker Could Allow Remote Code Execution Vulnerability (981997)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/38931/\");\n script_xref(name:\"URL\", value:\"http://support.microsoft.com/kb/981997\");\n script_xref(name:\"URL\", value:\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-050\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/registry_enumerated\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to execute arbitrary\n code with the privileges of the user running the application.\");\n script_tag(name:\"affected\", value:\"Movie Maker 2.1 on Microsoft Windows XP Service Pack 3 and prior.\");\n script_tag(name:\"insight\", value:\"The application fails to perform adequate boundary checks when parsing\n strings in imported project files (.MSWMM), which leads to buffer overflow.\");\n script_tag(name:\"summary\", value:\"This host is missing a critical security update according to\n Microsoft Bulletin MS10-050.\");\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(xp:4, winVista:3) <= 0){\n exit(0);\n}\n\n## MS10-050 Hotfix check\nif(hotfix_missing(name:\"981997\") == 0){\n exit(0);\n}\n\nif(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\" +\n \"\\App Paths\\moviemk.exe\")){\n exit(0);\n}\n\nmoviemkPath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\",\n item:\"ProgramFilesDir\");\nif(!moviemkPath){\n exit(0);\n}\n\nmoviemkPath = moviemkPath + \"\\Movie Maker\\moviemk.exe\";\n\nshare = ereg_replace(pattern:\"([A-Z]):.*\", replace:\"\\1$\", string:moviemkPath);\nfile = ereg_replace(pattern:\"[A-Z]:(.*)\", replace:\"\\1\", string:moviemkPath);\n\nmoviemkVer = GetVer(file:file, share:share);\nif(!moviemkVer){\n exit(0);\n}\n\nif(hotfix_check_sp(xp:4) > 0)\n{\n SP = get_kb_item(\"SMB/WinXP/ServicePack\");\n if(\"Service Pack 3\" >< SP)\n {\n if(version_in_range(version:moviemkVer, test_version:\"2.1\",\n test_version2:\"2.1.4027.0\")){\n report = report_fixed_ver(installed_version:moviemkVer, vulnerable_range:\"2.1 - 2.1.4027.0\", install_path:moviemkPath);\n security_message(port: 0, data: report);\n }\n exit(0);\n }\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n\nif(hotfix_check_sp(winVista:3) > 0)\n{\n SP = get_kb_item(\"SMB/WinVista/ServicePack\");\n if(\"Service Pack 1\" >< SP)\n {\n if(version_is_less(version:moviemkVer, test_version:\"6.0.6001.18494\")){\n report = report_fixed_ver(installed_version:moviemkVer, fixed_version:\"6.0.6001.18494\", install_path:moviemkPath);\n security_message(port: 0, data: report);\n }\n exit(0);\n }\n\n if(\"Service Pack 2\" >< SP)\n {\n if(version_is_less(version:moviemkVer, test_version:\"6.0.6002.18273\")){\n report = report_fixed_ver(installed_version:moviemkVer, fixed_version:\"6.0.6002.18273\", install_path:moviemkPath);\n security_message(port: 0, data: report);\n }\n exit(0);\n }\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:09:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2564"], "description": "This host is missing a critical security update according to\n Microsoft Bulletin MS10-050.", "modified": "2017-02-20T00:00:00", "published": "2010-08-11T00:00:00", "id": "OPENVAS:900248", "href": "http://plugins.openvas.org/nasl.php?oid=900248", "type": "openvas", "title": "Microsoft Windows Movie Maker Could Allow Remote Code Execution Vulnerability (981997)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms10-050.nasl 5361 2017-02-20 11:57:13Z cfi $\n#\n# Microsoft Windows Movie Maker Could Allow Remote Code Execution Vulnerability (981997)\n#\n# Authors:\n# Veerendra GG <veerendragg@secpod.com>\n#\n# Updated By: Madhuri D <dmadhuri@secpod.com> on 2010-09-11\n# - To detect file version 'moviemk.exe' on vista\n#\n# Updated By: Sooraj KS <kssooraj@secpod.com> on 2011-07-18\n# - Updated Movie Maker path\n#\n# Copyright:\n# Copyright (c) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Run Windows Update and update the listed hotfixes or download and\n update mentioned hotfixes in the advisory from the below link,\n http://www.microsoft.com/technet/security/bulletin/MS10-050.mspx\";\n\ntag_impact = \"Successful exploitation will allow remote attackers to execute arbitrary\n code with the privileges of the user running the application.\n Impact Level: Application/System\";\ntag_affected = \"Movie Maker 2.1 on Microsoft Windows XP Service Pack 3 and prior.\";\ntag_insight = \"The application fails to perform adequate boundary checks when parsing\n strings in imported project files (.MSWMM), which leads to buffer overflow.\";\ntag_summary = \"This host is missing a critical security update according to\n Microsoft Bulletin MS10-050.\";\n\nif(description)\n{\n script_id(900248);\n script_version(\"$Revision: 5361 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:57:13 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-11 15:08:29 +0200 (Wed, 11 Aug 2010)\");\n script_cve_id(\"CVE-2010-2564\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Microsoft Windows Movie Maker Could Allow Remote Code Execution Vulnerability (981997)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/38931/\");\n script_xref(name : \"URL\" , value : \"http://support.microsoft.com/kb/981997\");\n script_xref(name : \"URL\" , value : \"http://www.microsoft.com/technet/security/bulletin/MS10-050.mspx\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n## Check for OS and Service Pack\nif(hotfix_check_sp(xp:4, winVista:3) <= 0){\n exit(0);\n}\n\n## MS10-050 Hotfix check\nif(hotfix_missing(name:\"981997\") == 0){\n exit(0);\n}\n\n## Confirm Application\nif(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\" +\n \"\\App Paths\\moviemk.exe\")){\n exit(0);\n}\n\n## Get moviemk.exe Path\nmoviemkPath = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\",\n item:\"ProgramFilesDir\");\nif(!moviemkPath){\n exit(0);\n}\n\nmoviemkPath = moviemkPath + \"\\Movie Maker\\moviemk.exe\";\n\nshare = ereg_replace(pattern:\"([A-Z]):.*\", replace:\"\\1$\", string:moviemkPath);\nfile = ereg_replace(pattern:\"[A-Z]:(.*)\", replace:\"\\1\", string:moviemkPath);\n\n## Get File Version\nmoviemkVer = GetVer(file:file, share:share);\nif(!moviemkVer){\n exit(0);\n}\n\n## Windows XP\nif(hotfix_check_sp(xp:4) > 0)\n{\n SP = get_kb_item(\"SMB/WinXP/ServicePack\");\n if(\"Service Pack 3\" >< SP)\n {\n ## Grep for moviemk.exe > 2.1 and < 2.1.4028.0\n if(version_in_range(version:moviemkVer, test_version:\"2.1\",\n test_version2:\"2.1.4027.0\")){\n security_message(0);\n }\n exit(0);\n }\n security_message(0);\n}\n\n## Windows Vista\nif(hotfix_check_sp(winVista:3) > 0)\n{\n SP = get_kb_item(\"SMB/WinVista/ServicePack\");\n if(\"Service Pack 1\" >< SP)\n {\n ## Grep for moviemk.exe version < 6.0.6001.18494\n if(version_is_less(version:moviemkVer, test_version:\"6.0.6001.18494\")){\n security_message(0);\n }\n exit(0);\n }\n\n if(\"Service Pack 2\" >< SP)\n {\n # Grep for moviemk.exe version < 6.0.6002.18273\n if(version_is_less(version:moviemkVer, test_version:\"6.0.6002.18273\")){\n security_message(0);\n }\n exit(0);\n }\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "saint": [{"lastseen": "2016-10-03T15:01:59", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-2564"], "description": "Added: 08/27/2010 \nCVE: [CVE-2010-2564](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2564>) \nBID: [42268](<http://www.securityfocus.com/bid/42268>) \nOSVDB: [66986](<http://www.osvdb.org/66986>) \n\n\n### Background\n\n[Windows Movie Maker](<http://www.microsoft.com/windowsxp/downloads/updates/moviemaker2.mspx>) is software for creating and editing home movies. \n\n### Problem\n\nA buffer overflow vulnerability when parsing `MediaClipString` data allows command execution when a user opens a specially crafted `.MSWMM` file. \n\n### Resolution\n\nApply the update referenced in [Microsoft Security Bulletin 10-050](<http://www.microsoft.com/technet/security/bulletin/MS10-050.mspx>). \n\n### References\n\n<http://secunia.com/advisories/38931/> \n\n\n### Limitations\n\nExploit works on Microsoft Windows Movie Maker 2.1 and requires the user to open the exploit file. \n\n### Platforms\n\nWindows \n \n\n", "edition": 1, "modified": "2010-08-27T00:00:00", "published": "2010-08-27T00:00:00", "id": "SAINT:9118483CC308FF1D80770D9E2214B3B5", "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/ms_movie_maker_mediaclipstring", "type": "saint", "title": "Microsoft Windows Movie Maker MediaClipString Buffer Overflow", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T17:19:48", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-2564"], "edition": 2, "description": "Added: 08/27/2010 \nCVE: [CVE-2010-2564](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2564>) \nBID: [42268](<http://www.securityfocus.com/bid/42268>) \nOSVDB: [66986](<http://www.osvdb.org/66986>) \n\n\n### Background\n\n[Windows Movie Maker](<http://www.microsoft.com/windowsxp/downloads/updates/moviemaker2.mspx>) is software for creating and editing home movies. \n\n### Problem\n\nA buffer overflow vulnerability when parsing `MediaClipString` data allows command execution when a user opens a specially crafted `.MSWMM` file. \n\n### Resolution\n\nApply the update referenced in [Microsoft Security Bulletin 10-050](<http://www.microsoft.com/technet/security/bulletin/MS10-050.mspx>). \n\n### References\n\n<http://secunia.com/advisories/38931/> \n\n\n### Limitations\n\nExploit works on Microsoft Windows Movie Maker 2.1 and requires the user to open the exploit file. \n\n### Platforms\n\nWindows \n \n\n", "modified": "2010-08-27T00:00:00", "published": "2010-08-27T00:00:00", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/ms_movie_maker_mediaclipstring", "id": "SAINT:C86AE9844458ABD9A5F6EF0F6EBBBAC8", "type": "saint", "title": "Microsoft Windows Movie Maker MediaClipString Buffer Overflow", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-06-04T23:19:39", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-2564"], "description": "Added: 08/27/2010 \nCVE: [CVE-2010-2564](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2564>) \nBID: [42268](<http://www.securityfocus.com/bid/42268>) \nOSVDB: [66986](<http://www.osvdb.org/66986>) \n\n\n### Background\n\n[Windows Movie Maker](<http://www.microsoft.com/windowsxp/downloads/updates/moviemaker2.mspx>) is software for creating and editing home movies. \n\n### Problem\n\nA buffer overflow vulnerability when parsing `MediaClipString` data allows command execution when a user opens a specially crafted `.MSWMM` file. \n\n### Resolution\n\nApply the update referenced in [Microsoft Security Bulletin 10-050](<http://www.microsoft.com/technet/security/bulletin/MS10-050.mspx>). \n\n### References\n\n<http://secunia.com/advisories/38931/> \n\n\n### Limitations\n\nExploit works on Microsoft Windows Movie Maker 2.1 and requires the user to open the exploit file. \n\n### Platforms\n\nWindows \n \n\n", "edition": 4, "modified": "2010-08-27T00:00:00", "published": "2010-08-27T00:00:00", "id": "SAINT:A3646D25A1582E55A582D09A0EAC5080", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/ms_movie_maker_mediaclipstring", "title": "Microsoft Windows Movie Maker MediaClipString Buffer Overflow", "type": "saint", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:36", "bulletinFamily": "software", "cvelist": ["CVE-2010-2564"], "description": "====================================================================== \r\n\r\n Secunia Research 10/08/2010\r\n\r\n - Windows Movie Maker String Parsing Buffer Overflow -\r\n\r\n====================================================================== \r\nTable of Contents\r\n\r\nAffected Software....................................................1\r\nSeverity.............................................................2\r\nVendor's Description of Software.....................................3\r\nDescription of Vulnerability.........................................4\r\nSolution.............................................................5\r\nTime Table...........................................................6\r\nCredits..............................................................7\r\nReferences...........................................................8\r\nAbout Secunia........................................................9\r\nVerification........................................................10\r\n\r\n====================================================================== \r\n1) Affected Software \r\n\r\n* Windows Movie Maker 2.1.4027.0\r\n\r\nNOTE: Other versions may also be affected.\r\n\r\n====================================================================== \r\n2) Severity \r\n\r\nRating: Moderately critical\r\nImpact: System compromise\r\nWhere: Remote\r\n\r\n====================================================================== \r\n3) Vendor's Description of Software \r\n\r\n"You have the inspiration. Now you just need the know-how to bring \r\nyour visions to life. See how easy it can be to create, edit, and add \r\nspecial effects to your movies using Windows Movie Maker.".\r\n\r\nProduct Link:\r\nhttp://www.microsoft.com/windowsxp/using/moviemaker/default.mspx\r\n\r\n====================================================================== \r\n4) Description of Vulnerability\r\n\r\nSecunia Research has discovered a vulnerability in Windows Movie \r\nMaker, which can be exploited by malicious people to compromise a \r\nuser's system.\r\n\r\nThe vulnerability is caused by boundary errors when parsing strings in\r\nimported project files (.MSWMM) and can be exploited to cause a buffer \r\noverflow.\r\n\r\nSuccessful exploitation allows execution of arbitrary code.\r\n\r\n====================================================================== \r\n5) Solution \r\n\r\nApply patches provided by MS10-050.\r\n\r\n====================================================================== \r\n6) Time Table \r\n\r\n14/03/2010 - Vendor notified.\r\n15/03/2010 - Vendor response.\r\n23/04/2010 - Status update requested.\r\n27/04/2010 - Vendor provides status update.\r\n03/08/2010 - Vendor provides status update.\r\n10/08/2010 - Public disclosure.\r\n\r\n====================================================================== \r\n7) Credits \r\n\r\nDiscovered by Dyon Balding, Secunia Research.\r\n\r\n====================================================================== \r\n8) References\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned \r\nCVE-2010-2564 for the vulnerability.\r\n\r\n====================================================================== \r\n9) About Secunia\r\n\r\nSecunia offers vulnerability management solutions to corporate\r\ncustomers with verified and reliable vulnerability intelligence\r\nrelevant to their specific system configuration:\r\n\r\nhttp://secunia.com/advisories/business_solutions/\r\n\r\nSecunia also provides a publicly accessible and comprehensive advisory\r\ndatabase as a service to the security community and private \r\nindividuals, who are interested in or concerned about IT-security.\r\n\r\nhttp://secunia.com/advisories/\r\n\r\nSecunia believes that it is important to support the community and to\r\ndo active vulnerability research in order to aid improving the \r\nsecurity and reliability of software in general:\r\n\r\nhttp://secunia.com/secunia_research/\r\n\r\nSecunia regularly hires new skilled team members. Check the URL below\r\nto see currently vacant positions:\r\n\r\nhttp://secunia.com/corporate/jobs/\r\n\r\nSecunia offers a FREE mailing list called Secunia Security Advisories:\r\n\r\nhttp://secunia.com/advisories/mailing_lists/\r\n\r\n====================================================================== \r\n10) Verification \r\n\r\nPlease verify this advisory by visiting the Secunia website:\r\nhttp://secunia.com/secunia_research/2010-66/\r\n\r\nComplete list of vulnerability reports published by Secunia Research:\r\nhttp://secunia.com/secunia_research/\r\n\r\n======================================================================", "edition": 1, "modified": "2010-08-11T00:00:00", "published": "2010-08-11T00:00:00", "id": "SECURITYVULNS:DOC:24454", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24454", "title": "Secunia Research: Windows Movie Maker String Parsing Buffer Overflow", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:36", "bulletinFamily": "software", "cvelist": ["CVE-2010-2564"], "description": "Microsoft Security Bulletin MS10-050 - Important\r\nVulnerability in Windows Movie Maker Could Allow Remote Code Execution (981997)\r\nPublished: August 10, 2010\r\n\r\nVersion: 1.0\r\nGeneral Information\r\nExecutive Summary\r\n\r\nThis security update resolves a privately reported vulnerability in Windows Movie Maker. The vulnerability could allow remote code execution if an attacker sent a specially crafted Movie Maker project file and convinced the user to open the specially crafted file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\r\n\r\nThis security update is rated Important Windows Movie Maker 2.1, Windows Movie Maker 2.6, and Windows Movie Maker 6.0. For more information, see the subsection, Affected and Non-Affected Software, in this section.\r\n\r\nThe security update addresses the vulnerability by changing the way that Windows Movie Maker parses Movie Maker project files. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.\r\n\r\nRecommendation. The majority of customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.\r\n\r\nFor administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update at the earliest opportunity using update management software, or by checking for updates using the Microsoft Update service.\r\n\r\nSee also the section, Detection and Deployment Tools and Guidance, later in this bulletin.\r\n\r\nKnown Issues. None\r\nTop of sectionTop of section\r\nAffected and Non-Affected Software\r\n\r\nThe following software have been tested to determine which versions or editions are affected. Other versions or editions are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, visit Microsoft Support Lifecycle.\r\n\r\nAffected Software \r\nOperating System\tComponent\tMaximum Security Impact\tAggregate Severity Rating\tBulletins Replaced by this Update\r\n\r\nWindows XP Service Pack 3\r\n\t\r\n\r\nMovie Maker 2.1[1]\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nMS10-016\r\n\r\nWindows XP Professional x64 Edition Service Pack 2\r\n\t\r\n\r\nMovie Maker 2.1[1]\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nMS10-016\r\n\r\nWindows Vista Service Pack 1 and Windows Vista Service Pack 2\r\n\t\r\n\r\nMovie Maker 6.0[1]\r\n\r\nMovie Maker 2.6[2]\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nMS10-016\r\n\r\nWindows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2\r\n\t\r\n\r\nMovie Maker 6.0[1]\r\n\r\nMovie Maker 2.6[2]\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nMS10-016\r\n\r\n[1]These versions of Windows Movie Maker are delivered with the indicated operating systems.\r\n\r\n[2]Windows Movie Maker 2.6 is an optional download that can be installed on the indicated operating systems.\r\n\r\nNon-Affected Software\r\nOperating System\r\n\r\nWindows Server 2003 Service Pack 2\r\n\r\nWindows Server 2003 x64 Edition Service Pack 2\r\n\r\nWindows Server 2003 with SP2 for Itanium-based Systems\r\n\r\nWindows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2\r\n\r\nWindows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2\r\n\r\nWindows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2\r\n\r\nWindows 7 for 32-bit Systems\r\n\r\nWindows 7 for x64-based Systems\r\n\r\nWindows Server 2008 R2 for x64-based Systems\r\n\r\nWindows Server 2008 R2 for Itanium-based Systems\r\n\r\nWindows Live Movie Maker\r\n\r\nMicrosoft Producer\r\nTop of sectionTop of section\r\n\t\r\nFrequently Asked Questions (FAQ) Related to This Security Update\r\n\r\nHow is Windows Movie Maker on Windows 7 affected? \r\nWindows Movie Maker is not supported on Windows 7. However, it may be possible that vulnerable Windows Movie Maker 2.6 software exists on a Windows 7 system due to an upgrade scenario from Windows Vista to Windows 7 or due to other possible scenarios. Nevertheless, running Windows Movie Maker on a Windows 7 system is not supported and this security update will not be offered to Windows 7 systems.\r\n\r\nUsers running the unsupported configuration of Windows Movie Maker on Windows 7 are strongly recommended to uninstall Windows Movie Maker. Users who are unable to uninstall Windows Movie Maker can apply the workaround described in this security bulletin to help reduce the risk from this vulnerability.\r\n\r\nFor Windows 7 users, Microsoft recommends Windows Live Movie Maker. Windows Live Movie Maker is available as a download from the Microsoft Download Center and is not affected by the vulnerability described in this bulletin.\r\n\r\nWhere are the file information details? \r\nRefer to the reference tables in the Security Update Deployment section for the location of the file information details.\r\n\r\nI am using an older release of the software discussed in this security bulletin. What should I do? \r\nThe affected software listed in this bulletin have been tested to determine which releases are affected. Other releases are past their support life cycle. For more information about the product lifecycle, visit the Microsoft Support Lifecycle Web site.\r\n\r\nIt should be a priority for customers who have older releases of the software to migrate to supported releases to prevent potential exposure to vulnerabilities. To determine the support lifecycle for your software release, see Select a Product for Lifecycle Information. For more information about service packs for these software releases, see Lifecycle Supported Service Packs.\r\n\r\nCustomers who require custom support for older software must contact their Microsoft account team representative, their Technical Account Manager, or the appropriate Microsoft partner representative for custom support options. Customers without an Alliance, Premier, or Authorized Contract can contact their local Microsoft sales office. For contact information, visit the Microsoft Worldwide Information Web site, select the country in the Contact Information list, and then click Go to see a list of telephone numbers. When you call, ask to speak with the local Premier Support sales manager. For more information, see the Microsoft Support Lifecycle Policy FAQ.\r\nTop of sectionTop of section\r\nVulnerability Information\r\n\t\r\nSeverity Ratings and Vulnerability Identifiers\r\n\r\nThe following severity ratings assume the potential maximum impact of the vulnerability. For information regarding the likelihood, within 30 days of this security bulletin's release, of the exploitability of the vulnerability in relation to its severity rating and security impact, please see the Exploitability Index in the August bulletin summary. For more information, see Microsoft Exploitability Index.\r\nVulnerability Severity Rating and Maximum Security Impact by Affected Software\r\nAffected Software\tMovie Maker Memory Corruption Vulnerability - CVE-2010-2564 \tAggregate Severity Rating\r\n\r\nWindows Movie Maker 2.1 on Windows XP Service Pack 3\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\nWindows Movie Maker 2.1 on Windows XP Professional x64 Edition Service Pack 2\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\nWindows Movie Maker 6.0 on Windows Vista Service Pack 1 and Windows Vista Service Pack 2\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\nWindows Movie Maker 6.0 on Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\nWindows Movie Maker 2.6 when installed on Windows Vista Service Pack 1 and Windows Vista Service Pack 2\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\nWindows Movie Maker 2.6 when installed on Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2\r\n\t\r\n\r\nImportant \r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\nTop of sectionTop of section\r\n\t\r\nMovie Maker Memory Corruption Vulnerability - CVE-2010-2564\r\n\r\nA remote code execution vulnerability exists in the way that Windows Movie Maker handles specially crafted project files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\r\n\r\nTo view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2010-2564.\r\n\t\r\nMitigating Factors for Movie Maker Memory Corruption Vulnerability - CVE-2010-2564\r\n\r\nMitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation:\r\n\u2022\t\r\n\r\nIn a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.\r\n\u2022\t\r\n\r\nThe specially crafted file could be sent as an e-mail attachment, but the attacker would have to convince the user to open the attachment in order to exploit the vulnerability.\r\n\u2022\t\r\n\r\nAn attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\r\nTop of sectionTop of section\r\n\t\r\nWorkarounds for Movie Maker Memory Corruption Vulnerability - CVE-2010-2564\r\n\r\nWorkaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:\r\n\u2022\t\r\n\r\nRemove the Movie Maker .MSWMM file association\r\n\r\nWarning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use the Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys and Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe.\r\n\r\nNote We recommend backing up the registry before you edit it.\r\n\r\nTo remove the Movie Maker .MSWMM file association, follow these steps:\r\n\r\nInteractive Method\r\n\r\n1.\r\n\t\r\n\r\nClick Start, click Run, type regedit, and then click OK.\r\n\r\n2.\r\n\t\r\n\r\nExpand HKEY_CLASSES_ROOT, click on .MSWMM, and then click the File menu and select Export.\r\n\r\n3.\r\n\t\r\n\r\nIn the Export Registry File dialog box, type MSWMM file association registry backup.reg and click Save. This will create a backup of this registry key in the 'My Documents' folder by default.\r\n\r\n4.\r\n\t\r\n\r\nPress the Delete key on the keyboard to delete the registry key. When prompted to delete the registry value, click Yes.\r\n\r\nManaged Deployment Script\r\n\r\n1.\r\n\t\r\n\r\nMake a backup copy of the registry key using the following command:\r\n\r\nRegedit.exe /e MSWMM_registry_backup.reg HKEY_CLASSES_ROOT\.MSWMM\r\n\r\n2.\r\n\t\r\n\r\nSave the following to a file with a .REG extension (i.e., Delete_MSWMM_file_association.reg):\r\n\r\nWindows Registry Editor Version 5.00\r\n\r\n[-HKEY_CLASSES_ROOT\.MSWMM]\r\n\r\n3.\r\n\t\r\n\r\nRun the registry script created in step 2 on the target machine with the following command:\r\n\r\nRegedit.exe /s Delete_MSWMM_file_association.reg\r\n\r\nImpact of workaround. This workaround removes the .MSWMM file association. Double-clicking an MSWMM file will no longer launch Windows Movie Maker.\r\n\r\nHow to undo the workaround. Restore the registry key by using Regedit to restore the settings saved in the .REG file.\r\nTop of sectionTop of section\r\n\t\r\nFAQ for Movie Maker Memory Corruption Vulnerability - CVE-2010-2564\r\n\r\nWhat is the scope of the vulnerability? \r\nThis is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely. An attacker could then install programs or view, change, or delete data; or create new accounts with full user rights.\r\n\r\nWhat causes the vulnerability? \r\nThe vulnerability exists in the way that Windows Movie Maker parses the project file formats. This vulnerability requires a malicious user to send a specially crafted Movie Maker file and convince the user to open the specially crafted file.\r\n\r\nWhat is Windows Movie Maker? \r\nWindows Movie Maker is an application that allows users to create, edit and add special effects to home movies. Windows Movie Maker is included with releases of Windows XP and Windows Vista.\r\n\r\nWhat might an attacker use the vulnerability to do? \r\nAn attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\r\n\r\nHow could an attacker exploit the vulnerability? \r\nExploitation of this vulnerability requires that a user open a specially crafted Movie Maker project file with an affected version of Windows Movie Maker.\r\n\r\nIn an e-mail attack scenario, an attacker could exploit the vulnerability by sending a specially crafted Movie Maker project file to the user and by convincing the user to open the file.\r\n\r\nIn a Web-based attack scenario, an attacker would have to host a Web site that contains a specially crafted Movie Maker project file that is used to attempt to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have no way to force users to visit a specially crafted Web site. Instead, an attacker would have to convince them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site, and then convince them to open the specially crafted Movie Maker project file.\r\n\r\nWhat systems are primarily at risk from the vulnerability? \r\nWindows systems where Windows Movie Maker is used are primarily at risk.\r\n\r\nWhat does the update do? \r\nThe update addresses the vulnerability by changing the way that Windows Movie Maker parses Movie Maker project files.\r\n\r\nWhen this security bulletin was issued, had this vulnerability been publicly disclosed? \r\nNo. Microsoft received information about this vulnerability through coordinated vulnerability disclosure.\r\n\r\nWhen this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited? \r\nNo. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers when this security bulletin was originally issued.\r\n\r\nOther Information\r\nAcknowledgments\r\n\r\nMicrosoft thanks the following for working with us to help protect customers:\r\n\u2022\t\r\n\r\nDyon Balding of Secunia for reporting the Movie Maker Memory Corruption Vulnerability (CVE-2010-2564)\r\nTop of sectionTop of section\r\nMicrosoft Active Protections Program (MAPP)\r\n\r\nTo improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. To determine whether active protections are available from security software providers, please visit the active protections Web sites provided by program partners, listed in Microsoft Active Protections Program (MAPP) Partners.\r\n\r\nSupport\r\n\u2022\t\r\n\r\nCustomers in the U.S. and Canada can receive technical support from Security Support or 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. For more information about available support options, see Microsoft Help and Support.\r\n\u2022\t\r\n\r\nInternational customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.\r\n\r\nDisclaimer\r\n\r\nThe information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\r\nTop of sectionTop of section\r\nRevisions\r\n\u2022\t\r\n\r\nV1.0 (August 10, 2010): Bulletin published.", "edition": 1, "modified": "2010-08-11T00:00:00", "published": "2010-08-11T00:00:00", "id": "SECURITYVULNS:DOC:24450", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24450", "title": "Microsoft Security Bulletin MS10-050 - Important Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (981997)", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-02-01T06:14:54", "description": "The remote Windows host contains a version of Windows Movie Maker that\nis affected by a memory corruption vulnerability due to the way the\napplication parses project file formats.\n\nIf an attacker can trick a user on the affected system into opening a\nspecially crafted Movie Maker project file using the affected\napplication, this issue could be leveraged to execute arbitrary code\nsubject to the user's privileges.", "edition": 27, "published": "2010-08-11T00:00:00", "title": "MS10-050: Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (981997)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2564"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS10-050.NASL", "href": "https://www.tenable.com/plugins/nessus/48287", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(48287);\n script_version(\"1.26\");\n script_cvs_date(\"Date: 2018/11/15 20:50:30\");\n\n script_cve_id(\"CVE-2010-2564\");\n script_bugtraq_id(42268);\n script_xref(name:\"MSFT\", value:\"MS10-050\");\n script_xref(name:\"MSKB\", value:\"981997\");\n\n script_name(english:\"MS10-050: Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (981997)\");\n script_summary(english:\"Checks version of Moviemk.exe / Moviemk.dll\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"Arbitrary code can be executed on the remote host through Windows\nMovie Maker.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host contains a version of Windows Movie Maker that\nis affected by a memory corruption vulnerability due to the way the\napplication parses project file formats.\n\nIf an attacker can trick a user on the affected system into opening a\nspecially crafted Movie Maker project file using the affected\napplication, this issue could be leveraged to execute arbitrary code\nsubject to the user's privileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2010/ms10-050\");\n script_set_attribute(attribute:\"solution\", value:\"Microsoft has released a set of patches for Windows XP and Vista.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, 'Host/patch_management_checks');\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS10-050';\nkbs = make_list(\"981997\");\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\n\nif (hotfix_check_sp_range(xp:'3', win2003:'2', vista:'1,2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nif(\"Vista\" >!< productname && \"XP\" >!< productname)\n exit(0, \"The host is running \"+productname+\" and hence is not affected.\");\n\n# Figure out where Movie Maker's installed.\npath = NULL;\nprogfiles = hotfix_get_programfilesdir();\n\nport = kb_smb_transport();\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\n\nif(! smb_session_init()) audit(AUDIT_FN_FAIL, \"smb_session_init\");\n\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:\"IPC$\");\nif (rc != 1)\n{\n NetUseDel();\n audit(AUDIT_SHARE_FAIL, \"IPC$\");\n}\n\nhklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);\nif (isnull(hklm))\n{\n NetUseDel();\n audit(AUDIT_REG_FAIL);\n}\n\nif ( !isnull(progfiles) )\n{\n key = \"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\moviemk.exe\";\n key_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);\n if (!isnull(key_h))\n {\n item = RegQueryValue(handle:key_h, item:NULL);\n if (!isnull(item) && strlen(item[1]) > 0 )\n {\n path = item[1];\n path = ereg_replace(\n pattern:\"^(.+)\\\\moviemk\\.exe$\",\n replace:\"\\1\",\n string:path,\n icase:TRUE\n );\n path = ereg_replace(\n pattern:\"%ProgramFiles%\",\n replace:progfiles,\n string:path,\n icase:TRUE\n );\n }\n RegCloseKey(handle:key_h);\n }\n}\n\nif (isnull(path))\n{\n key = \"SOFTWARE\\Classes\\Windows.Movie.Maker\\Shell\\Open\\Command\";\n key_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);\n if (!isnull(key_h))\n {\n item = RegQueryValue(handle:key_h, item:NULL);\n if (!isnull(item) && strlen(item[1]) > 0)\n {\n path = item[1];\n path = ereg_replace(pattern:'^\"([^\"]+)\".*', replace:\"\\1\", string:path);\n if (ereg(pattern:\"moviemk\\.exe ?\", string:path, icase:TRUE))\n path = ereg_replace(pattern:\"^(.+)\\\\\\moviemk\\.exe( .+)?$\", replace:\"\\1\", string:path);\n else path = NULL;\n }\n RegCloseKey(handle:key_h);\n }\n}\nif (isnull(path)) path = hotfix_get_programfilesdir() + \"\\Movie Maker\";\n\nRegCloseKey(handle:hklm);\nNetUseDel();\n\nshare = hotfix_path2share(path:path);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nkb = '981997';\nif (\n # Vista\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"Moviemk.dll\", version:\"6.0.6002.22426\", min_version:\"6.0.6002.22000\", path:path, bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:2, file:\"Moviemk.dll\", version:\"6.0.6002.18273\", min_version:\"6.0.6002.18000\", path:path, bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:1, file:\"Moviemk.dll\", version:\"6.0.6001.22714\", min_version:\"6.0.6001.22000\", path:path, bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:1, file:\"Moviemk.dll\", version:\"6.0.6001.18494\", min_version:\"6.0.6001.18000\", path:path, bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", file:\"Moviemk.exe\", version:\"2.6.4039.0\", min_version:\"2.6.0.0\", path:path, bulletin:bulletin, kb:kb) ||\n\n # Windows 2003\n hotfix_is_vulnerable(os:\"5.2\", sp:2, arch:\"x64\", file:\"Moviemk.exe\", version:\"2.1.4031.0\", path:path, bulletin:bulletin, kb:kb) ||\n\n # Windows XP\n hotfix_is_vulnerable(os:\"5.1\", sp:3, arch:\"x86\", file:\"Moviemk.exe\", version:\"2.1.4028.0\", path:path, bulletin:bulletin, kb:kb)\n)\n{\n set_kb_item(name:\"SMB/Missing/MS10-050\", value:TRUE);\n hotfix_security_hole();\n\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}