Title

Multiple Vulnerabilities in Microsoft Windows Media (Cat II impact)

Discussion

Microsoft has released a security bulletin addressing multiple vulnerabilities affecting Microsoft Windows. To exploit these vulnerabilities, an attacker would entice a user to open a malicious media file streamed from a web site or sent via email. If successfully exploited, these vulnerabilities would allow an attacker to compromise an affected system.. At this time, there are known exploits associated with at least one of these vulnerabilities; USCYBERCOM is not aware of any DoD related incidents. DirectShow Insecure Library Loading Vulnerability - (CVE-2011-0032): A remote code execution vulnerability exists in the way that Microsoft DirectShow handles the loading of DLL files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. DVR-MS Vulnerability - (CVE-2011-0042): A remote code execution vulnerability exists in the way that Windows Media Player and Windows Media Center handle .dvr-ms files. This vulnerability could allow an attacker to execute arbitrary code if the attacker convinces a user to open a specially crafted .dvr-ms file. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Check Content

See IAVM notice and vendor bulletin for additional information. Microsoft Bulletin MS11-015 (2510030) Vulnerable Applications/Systems: Windows XP Media Center Edition 2005 SP 3 Windows XP SP 3 Windows XP Professional x64 Edition SP 2 Windows Vista SP1 and SP2 (x86 and x64) Windows 7 and Windows 7 SP1(x86 and x64) Windows Server 2008 R2 and Windows Server 2008 R2 SP1 x64** Windows Media Center TV Pack for Windows Vista (x86 and x64) **Server Core installation not affected. Verify that the patch has been installed by checking that the following sample file is at the version indicated or later. See the vendor bulletin for additional information and any Vulnerable Systems\Applications not listed below. Encdec.dll Windows XP SP 3 - 6.5.2600.6076 Windows XP x64 SP 2 - 6.5.3790.4826 Windows Vista SP1 and SP2 (x86 and x64) - 6.6.6001.18571 or 6.6.6002.18363 Windows 7 / 2008 R2 - 6.6.7600.16724 or 6.6.7600.20865 Windows 7 / 2008 R2 SP1 - 6.6.7601.17528 or 6.6.7601.21626 Cpfilters.dll Windows Media Center TV Pack for Windows Vista (x86 & x64) - 6.6.1000.18309

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-26088

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.