Windows Media Encoder wmex.dll ActiveX Control Buffer Overflow

Posted on Tuesday, September 09, 2008 @ 21:24:11 PDT in Security
by Raven

SECUNIA ADVISORY ID: SA31724

VERIFY ADVISORY: http://secunia.com/advisories/31724/

CRITICAL: Highly critical

IMPACT: System access

SOFTWARE: Microsoft Windows Media Encoder 9.x - http://secunia.com/product/5895/

DESCRIPTION: A vulnerability has been reported in Windows Media Encoder, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the WMEX.DLL ActiveX control. This can be exploited to cause a buffer overflow by tricking a user into e.g. visiting a malicious website. Successful exploitation may allow execution of arbitrary code.


SOLUTION: Apply patches.
-- Windows Media Encoder 9 Series --
Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?FamilyID=0cabfbc0-db5d-4a6a-a4cd-e6df89ac2b25
Windows XP SP2/SP3: http://www.microsoft.com/downloads/details.aspx?FamilyID=57bcb3c2-49d3-4f18-8d03-36abd03d7403
Windows XP Professional x64 Edition (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?FamilyID=18efea9e-b103-46de-90d9-5e295854cec3
Windows Server 2003 SP1/SP2: http://www.microsoft.com/downloads/details.aspx?FamilyID=54ce1080-94cf-4e4f-8e09-a7dbab2757c5
Windows Server 2003 x64 Edition (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?FamilyID=c83011cd-90b8-494c-9cad-fa055e101992
Windows Vista (optionally with SP1): http://www.microsoft.com/downloads/details.aspx?FamilyID=99beebc4-553a-46f8-8245-e3d932306c93
Windows Vista x64 Edition (optionally with SP1): http://www.microsoft.com/downloads/details.aspx?FamilyID=99beebc4-553a-46f8-8245-e3d932306c93
Windows Server 2008 for 32-bit Systems: http://www.microsoft.com/downloads/details.aspx?FamilyID=5434ca66-5a6b-4517-92fb-72dea0a172ec
Windows Server 2008 for x64-based Systems: http://www.microsoft.com/downloads/details.aspx?FamilyID=5434ca66-5a6b-4517-92fb-72dea0a172ec


-- Windows Media Encoder 9 Series x64 Edition --
Windows XP Professional x64 Edition (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?FamilyId=ebc1737c-6e78-4244-a1b2-a56d031f16e9
Windows Server 2003 x64 Edition (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?FamilyId=d8f1b782-136b-443f-b5f2-63aa4d1fd94a
Windows Vista x64 Edition (optionally with SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=54d1279a-7f26-4727-a39d-5505bcd4fc53
Windows Server 2008 for x64-based Systems: http://www.microsoft.com/downloads/details.aspx?FamilyId=e30f9427-26d0-4e86-b9b8-bc637c3b5734

PROVIDED AND/OR DISCOVERED BY: The vendor credits Nguyen Minh Duc and Le Manh Tung, BKIS Hanoi University of Technology.

ORIGINAL ADVISORY: MS08-053 (KB954156): http://www.microsoft.com/technet/security/Bulletin/MS08-053.mspx
 
 
click Related        click Share
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 370,002,394
  • Today: 49,420
Server InfoServer Info
  • Oct 23, 2018
  • 01:25 pm PDT
 
 

Daily Inspiration