Ravens PHP Scripts

Windows Media Encoder wmex.dll ActiveX Control Buffer Overflow
Date: Tuesday, September 09, 2008 @ 21:24:11 PDT
Topic: Security


SECUNIA ADVISORY ID: SA31724

VERIFY ADVISORY: http://secunia.com/advisories/31724/

CRITICAL: Highly critical

IMPACT: System access

SOFTWARE: Microsoft Windows Media Encoder 9.x - http://secunia.com/product/5895/

DESCRIPTION: A vulnerability has been reported in Windows Media Encoder, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the WMEX.DLL ActiveX control. This can be exploited to cause a buffer overflow by tricking a user into e.g. visiting a malicious website. Successful exploitation may allow execution of arbitrary code.




SOLUTION: Apply patches.
-- Windows Media Encoder 9 Series --
Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?FamilyID=0cabfbc0-db5d-4a6a-a4cd-e6df89ac2b25
Windows XP SP2/SP3: http://www.microsoft.com/downloads/details.aspx?FamilyID=57bcb3c2-49d3-4f18-8d03-36abd03d7403
Windows XP Professional x64 Edition (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?FamilyID=18efea9e-b103-46de-90d9-5e295854cec3
Windows Server 2003 SP1/SP2: http://www.microsoft.com/downloads/details.aspx?FamilyID=54ce1080-94cf-4e4f-8e09-a7dbab2757c5
Windows Server 2003 x64 Edition (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?FamilyID=c83011cd-90b8-494c-9cad-fa055e101992
Windows Vista (optionally with SP1): http://www.microsoft.com/downloads/details.aspx?FamilyID=99beebc4-553a-46f8-8245-e3d932306c93
Windows Vista x64 Edition (optionally with SP1): http://www.microsoft.com/downloads/details.aspx?FamilyID=99beebc4-553a-46f8-8245-e3d932306c93
Windows Server 2008 for 32-bit Systems: http://www.microsoft.com/downloads/details.aspx?FamilyID=5434ca66-5a6b-4517-92fb-72dea0a172ec
Windows Server 2008 for x64-based Systems: http://www.microsoft.com/downloads/details.aspx?FamilyID=5434ca66-5a6b-4517-92fb-72dea0a172ec


-- Windows Media Encoder 9 Series x64 Edition --
Windows XP Professional x64 Edition (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?FamilyId=ebc1737c-6e78-4244-a1b2-a56d031f16e9
Windows Server 2003 x64 Edition (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?FamilyId=d8f1b782-136b-443f-b5f2-63aa4d1fd94a
Windows Vista x64 Edition (optionally with SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=54d1279a-7f26-4727-a39d-5505bcd4fc53
Windows Server 2008 for x64-based Systems: http://www.microsoft.com/downloads/details.aspx?FamilyId=e30f9427-26d0-4e86-b9b8-bc637c3b5734

PROVIDED AND/OR DISCOVERED BY: The vendor credits Nguyen Minh Duc and Le Manh Tung, BKIS Hanoi University of Technology.

ORIGINAL ADVISORY: MS08-053 (KB954156): http://www.microsoft.com/technet/security/Bulletin/MS08-053.mspx






This article comes from Ravens PHP Scripts
http://www.ravenphpscripts.com

The URL for this story is:
http://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3447