Microsoft Windows DirectShow MSVidCtl Remote Buffer Overflow Vulnerability
Last Update Date:
28 Jan 2011
Release Date:
7 Jul 2009
4300
Views
RISK: Medium Risk
A vulnerability has been identified in Microsoft Windows DirectShow, which could be exploited by remote attackers to compromise an affected system. This issue is caused by a buffer overflow error in the ActiveX control for streaming video "MSVidCtl.dll" when reading a file containing overly long data, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
Impact
- Remote Code Execution
System / Technologies affected
- Microsoft Windows XP
- Microsoft Windows Server 2003
Solutions
There is no patch available for this vulnerability currently.
Please refer to the workaround provided by the vendor.
http://support.microsoft.com/kb/972890#FixItForMe
Vulnerability Identifier
Source
Related Link
- http://www.vupen.com/english/advisories/2009/1787
- http://secunia.com/advisories/35683/
- http://www.us-cert.gov/cas/techalerts/TA09-187A.html
- http://www.microsoft.com/technet/security/advisory/972890.mspx
- http://blogs.technet.com/srd/archive/2009/07/06/new-vulnerability-in-mpeg2tunerequest-activex-control-object-in-msvidctl-dll.aspx
Share with