Vulnerability Protection

Vulnerability in Windows DVD Maker Could Allow Information Disclosure

Details

Report ID:

MS20170315

Date Published:

15 March 2017

Date Revised:

Criticality:

Important

Compromise Type:

Information disclosure

Compromise From:

Local system

Affected Product/Component:

Windows Vista
Windows 7

Summary

A vulnerability in the Windows DVD Maker could allow information disclosure, if successfully exploited. 

Detailed Description

Microsoft has released a security update for Windows DVD Maker following the discovery of an information disclosure vulnerability, which was caused by improper parsing of a .msdvd file. The vulnerability could be exploited to gain sensitive information that could be used in further attack. In order to exploit it, the attacker must first log on to the local system. This issue has been fixed in the latest security update by correcting the way Windows DVD Maker parses files. 

CVE Reference

CVE-2017-0045

Solution

Install the latest security patch, available for download from https://technet.microsoft.com/en-us/library/security/MS17-020

Source

Microsoft Security Bulletin MS17-020