PHP Web Host - Quality Web Hosting For All PHP Applications Just Great Software
  Login or Register
 • Home • Downloads • Your Account • Forums • 
Site Navigation

Home:
 
Donate o Meter
Help Keep Our Servers Online AND Our Services Free!
Make donations with PayPal!
Donations
 
Please Link To Me!
 
Quality Web Hosting For All PHP Applications
Quality PHP Web Host!

Great Reviews!
Need help setting up your website, installing Apache, PHP, MySQL, or RavenNuke(tm)?
Need help customizing or designing scripts?
Please contact us via the Contact Us option for further details and pricing.
Link to Me

RavenPHPScripts

RavenPHPScripts

There are more Link To Me icons here.
 
Site Info v2.2.2 ©
Your IP: 38.107.179.232

Welcome, Anonymous
Nickname
Password
Security Code:
Security Code
Type Security Code:

· Register
· Lost Password
Server Date/Time
10 February 2012 01:41:30 EST (GMT -5)
 
Windows Media Encoder wmex.dll ActiveX Control Buffer Overflow 
Security

SECUNIA ADVISORY ID: SA31724

VERIFY ADVISORY: http://secunia.com/advisories/31724/

CRITICAL: Highly critical

IMPACT: System access

SOFTWARE: Microsoft Windows Media Encoder 9.x - http://secunia.com/product/5895/

DESCRIPTION: A vulnerability has been reported in Windows Media Encoder, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the WMEX.DLL ActiveX control. This can be exploited to cause a buffer overflow by tricking a user into e.g. visiting a malicious website. Successful exploitation may allow execution of arbitrary code.




SOLUTION: Apply patches.
-- Windows Media Encoder 9 Series --
Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?FamilyID=0cabfbc0-db5d-4a6a-a4cd-e6df89ac2b25
Windows XP SP2/SP3: http://www.microsoft.com/downloads/details.aspx?FamilyID=57bcb3c2-49d3-4f18-8d03-36abd03d7403
Windows XP Professional x64 Edition (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?FamilyID=18efea9e-b103-46de-90d9-5e295854cec3
Windows Server 2003 SP1/SP2: http://www.microsoft.com/downloads/details.aspx?FamilyID=54ce1080-94cf-4e4f-8e09-a7dbab2757c5
Windows Server 2003 x64 Edition (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?FamilyID=c83011cd-90b8-494c-9cad-fa055e101992
Windows Vista (optionally with SP1): http://www.microsoft.com/downloads/details.aspx?FamilyID=99beebc4-553a-46f8-8245-e3d932306c93
Windows Vista x64 Edition (optionally with SP1): http://www.microsoft.com/downloads/details.aspx?FamilyID=99beebc4-553a-46f8-8245-e3d932306c93
Windows Server 2008 for 32-bit Systems: http://www.microsoft.com/downloads/details.aspx?FamilyID=5434ca66-5a6b-4517-92fb-72dea0a172ec
Windows Server 2008 for x64-based Systems: http://www.microsoft.com/downloads/details.aspx?FamilyID=5434ca66-5a6b-4517-92fb-72dea0a172ec


-- Windows Media Encoder 9 Series x64 Edition --
Windows XP Professional x64 Edition (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?FamilyId=ebc1737c-6e78-4244-a1b2-a56d031f16e9
Windows Server 2003 x64 Edition (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?FamilyId=d8f1b782-136b-443f-b5f2-63aa4d1fd94a
Windows Vista x64 Edition (optionally with SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=54d1279a-7f26-4727-a39d-5505bcd4fc53
Windows Server 2008 for x64-based Systems: http://www.microsoft.com/downloads/details.aspx?FamilyId=e30f9427-26d0-4e86-b9b8-bc637c3b5734

PROVIDED AND/OR DISCOVERED BY: The vendor credits Nguyen Minh Duc and Le Manh Tung, BKIS Hanoi University of Technology.

ORIGINAL ADVISORY: MS08-053 (KB954156): http://www.microsoft.com/technet/security/Bulletin/MS08-053.mspx
Posted on Tuesday, September 09, 2008 @ 21:24:11 EDT by Raven
 
Related Links
· More about Security
· News by Raven
Most read story about Security:
PHP-Nuke *eid* SQL Injection Vulnerability
 
Article Rating
Average Score: 0
Votes: 0

Please take a second and vote for this article:

Excellent
Very Good
Good
Regular
Bad
 
Options

 Printer Friendly Page  Printer Friendly Page

 Send to a Friend  Send to a Friend
 
 

All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2011 by Raven

You can syndicate our news using the file xml

CSE HTML Validator Helped Clean up This Page! [Valid RSS] valid RSS 2.0 Valid robots.txt Stop Spam Harvesters, Join Project Honey Pot

Website engines core code is © copyright by PHP-Nuke but has been heavily patched and modified by myself and others.
PHP-Nuke is a free software released under the GNU/GPL.

:: fisubice phpbb2 style by Daz :: PHP-Nuke theme by www.nukemods.com ::
:: fisubice Theme Modified by the RavenNuke™ Team ::

:: W3C CSS Compliance Validation :: W3C HTML 4.01 Transitional Compliance Validation ::

zerosum