Windows Media Center vulnerability could allow remote code execution
Report ID: MS201110002
Date Published: 12 October 2011
Compromise Type: remote-code-execution
Compromise From: remote
Windows Media Center TV Pack for Windows Vista (32-bit editions)
Windows Media Center TV Pack for Windows Vista (64-bit editions)
A vulnerability in Windows Media Center could allow a remote attacker to execute arbitrary code and take control of an affected system.
Microsoft has issued a security update to address a vulnerability in Windows Media Center that affects Windows Vista and Windows 7 systems.
The vulnerability is caused by improper path restriction when loading external libraries. An attacker may exploit this vulnerability by tricking a user into opening a legitimate file that is located in the same directory as a malicious dynamic link library (DLL) file. Opening the file would trigger Windows Media Center into attempting to load the DLL file and execute any code it contains, thus, granting the attacker some control on the affected system.
The security update resolves this issue by correcting the way Windows Media Center loads external libraries. Users are recommended to install the latest patch as a protection from potential exploit.
Install the latest patch for applicable system and component, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms11-076)