F-Secure
Tools
Microsoft MPEG Layer-3 Codecs Vulnerability
| Report ID: | SA201006492 |
| Source: | F-Secure |
| Date of Discovery: | 10.08.2010 |
| Criticality: | Critical |
| Affects: | Windows XP Windows Server 2003 |
| Compromise From: | From remote |
| Compromise Type: | Remote code execution |
Summary
A vulnerability in Microsoft M-PEG Layer-3 audio codecs could result in an execution of arbitrary code by a remote attacker.
Detailed Description
Microsoft has disclosed a vulnerability in M-PEG Layer-3 audio codecs that could lead to a remote attacker executing arbitrary code and taking control of an affected system. The vulnerability was caused by improper handling of maliciously crafted media files containing an M-PEG Layer-3 audio stream.
Solution
Install the latest update for applicable system
Original Reference
Microsoft Security Bulletin MS10-052 (http://www.microsoft.com/technet/security/Bulletin/MS10-052.mspx)
CVE Reference
CVE-2010-1882