Computer Security
[EN] securityvulns.ru
no-pyccku

  

Microsoft Windows multiple security vulnerabilities
Published:09.03.2011
Source:MICROSOFT
SecurityVulns ID:11487
Type:remote
Level:6/10
Description:Unsafe library loading, code execution with .dvr-ms files.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2011-0042 (SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability.")
 CVE-2011-0032 (Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability.")
 CVE-2011-0029 (Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Insecure Library Loading Vulnerability.")
 CVE-2010-3146 (Untrusted search path vulnerability in Microsoft Office Groove 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mso.dll or GroovePerfmon.dll that is located in the same folder as a .vcg or .gta file.)
Files:Microsoft Security Bulletin MS11-015 - Critical Vulnerabilities in Windows Media Could Allow Remote Code Execution (2510030)
 Microsoft Security Bulletin MS11-016 - Important Vulnerability in Microsoft Groove Could Allow Remote Code Execution (2494047)
 Microsoft Security Bulletin MS11-017 - Important Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2508062)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru