Microsoft Windows Media Player ActiveX Control Remote Code Execution Vulnerability
BID:39351
Info
Microsoft Windows Media Player ActiveX Control Remote Code Execution Vulnerability
| Bugtraq ID: | 39351 |
| Class: | Unknown |
| CVE: |
CVE-2010-0268 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 13 2010 12:00AM |
| Updated: | Apr 13 2010 07:53PM |
| Credit: | TippingPoint and the Zero Day Initiative |
| Vulnerable: |
Microsoft Windows Media Player 9.0 |
| Not Vulnerable: | |
Discussion
Microsoft Windows Media Player ActiveX Control Remote Code Execution Vulnerability
Microsoft Windows Media Player ActiveX control is prone to a remote code-execution vulnerability when handling specially crafted media content.
An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage.
Successful exploits will allow the attacker to execute arbitrary code in the context of the user running the application, which can compromise the application and possibly the computer.
The issue affects Windows Media Player 9 on supported editions of Microsoft Windows 2000 and Windows XP.
Microsoft Windows Media Player ActiveX control is prone to a remote code-execution vulnerability when handling specially crafted media content.
An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage.
Successful exploits will allow the attacker to execute arbitrary code in the context of the user running the application, which can compromise the application and possibly the computer.
The issue affects Windows Media Player 9 on supported editions of Microsoft Windows 2000 and Windows XP.
Exploit / POC
Microsoft Windows Media Player ActiveX Control Remote Code Execution Vulnerability
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Microsoft Windows Media Player ActiveX Control Remote Code Execution Vulnerability
Solution:
The vendor released an advisory and updates to address this issue. Please see the references for more information.
Microsoft Windows Media Player 9.0
Solution:
The vendor released an advisory and updates to address this issue. Please see the references for more information.
Microsoft Windows Media Player 9.0
-
Microsoft Security Update for Windows Media Player 9 for Windows 2000 (KB979402)
http://www.microsoft.com/downloads/details.aspx?familyid=C0B8B362-A321 -4AC9-BE98-15C71BB7A043 -
Microsoft Security Update for Windows Media Player 9 for Windows XP SP2 (KB979402)
http://www.microsoft.com/downloads/details.aspx?familyid=5C748C6D-84D1 -45A9-8A33-9372EB5504D5 -
Microsoft Security Update for Windows Media Player 9 for Windows XP SP3 (KB979402)
http://www.microsoft.com/downloads/details.aspx?familyid=9E4277B4-2DC5 -4163-A6AA-7E07DD32B721
References
Microsoft Windows Media Player ActiveX Control Remote Code Execution Vulnerability
References:
References: