Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Windows Media Center vulnerability could allow remote code execution


Report ID: MS201110002
Date Published: 12 October 2011

Criticality: Important
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Windows Vista
Windows 7
Windows Media Center TV Pack for Windows Vista (32-bit editions)
Windows Media Center TV Pack for Windows Vista (64-bit editions)




Summary

A vulnerability in Windows Media Center could allow a remote attacker to execute arbitrary code and take control of an affected system.



Detailed Description

Microsoft has issued a security update to address a vulnerability in Windows Media Center that affects Windows Vista and Windows 7 systems.

The vulnerability is caused by improper path restriction when loading external libraries. An attacker may exploit this vulnerability by tricking a user into opening a legitimate file that is located in the same directory as a malicious dynamic link library (DLL) file. Opening the file would trigger Windows Media Center into attempting to load the DLL file and execute any code it contains, thus, granting the attacker some control on the affected system.

The security update resolves this issue by correcting the way Windows Media Center loads external libraries. Users are recommended to install the latest patch as a protection from potential exploit.



CVE Reference

CVE-2011-2009



Solution

Install the latest patch for applicable system and component, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms11-076)




Online Virus Scanner

 
Run a quick online virus scan of your computer.