

Vulnerability protection

Windows Media vulnerabilities could allow remote code execution


Report ID: MS201201004
Date Published: 11 January 2012

Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Windows Multimedia Library and/or DirectShow

- in -

Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2




Summary

Two vulnerabilities, both caused by improper handling of specially crafted media files, could lead to arbitrary code execution on an affected system.



Detailed Description

Microsoft has issued a security update to address two reported vulnerabilities, each of which could be exploited by an attacker to execute code and take control of an affected system. The first vulnerability occurs when Windows Media Player fails to handle a specially crafted MIDI file; the second results from filters in DirectShow failing to properly handle specially crafted media files.

These issues have been fixed by correcting the way Windows Media Player handles MIDI files and the way DirectShow parses media files. Users are advised to install the latest update to protect their systems from potential exploitation.



CVE Reference

CVE-2012-0003
CVE-2012-0004
 



Solution

Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms12-004


