Windows Media vulnerabilities could allow remote code execution
Report ID: MS201201004
Date Published: 11 January 2012
Compromise Type: remote-code-execution
Compromise From: remote
Windows Multimedia Library and/or DirectShow
- in -
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Two vulnerabilities, both caused by improper handling of specially crafted media files, could lead to arbitrary code execution on an affected system.
Microsoft has issued a security update to address two reported vulnerabilities, each of which could be exploited by an attacker to execute code and take control of an affected system. The first vulnerability was caused when Windows Media Player fails to handle a specially crafted MIDI file, while the other was a result of filters in DirectShow failing to properly handle specially crafted media files.
These issues has been fixed by correcting the way Windows Media Player handles MIDI files, and correcting the way DirectShow parses media files. Users are recommended to install the latest update to protect their system from potential exploit.
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-004)