F-Secure
Tools
Microsoft Windows Movie Maker Vulnerability
| Report ID: | SA201006490 |
| Source: | F-Secure |
| Date of Discovery: | 10.08.2010 |
| Criticality: | Urgent |
| Affects: | Movie Maker 2.1 Movie Maker 2.6 Movie Maker 6.0 |
| Compromise From: | From remote |
| Compromise Type: | Remote code execution |
Summary
A vulnerability in Windows Movie Maker could lead to remote code execution.
Detailed Description
A vulnerability in Windows Movie Maker, caused by the way project file formats are parsed, could be exploited by an attacker to run arbitrary code and gain system access.
Solution
Install the latest update for applicable version.
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Vista Service Pack 1 and Service Pack 2
Windows Vista x64 Edition Service Pack 1 and Service Pack 2
* Windows Movie Maker 2.6 is an optional download that can be installed on the indicated operating systems.
Original Reference
Microsoft Security Bulletin MS10-050 (http://www.microsoft.com/technet/security/bulletin/MS10-050.mspx)
CVE Reference
CVE-2010-2564