Credit:
The information has been provided by Damian Frizza.
The original article can be found at: http://www.coresecurity.com/content/movie-maker-heap-overflow
Vulnerable Systems:
* Microsoft Windows Movie Maker on Windows Vista
* Microsoft Windows Movie Maker on Windows Vista Service Pack 1
* Microsoft Windows Movie Maker on Windows Vista Service Pack 2
* Microsoft Windows Movie Maker on Windows XP Professional x64 Edition
* Microsoft Windows Movie Maker on Windows XP Service Pack 2
* Microsoft Windows Movie Maker on Windows XP Service Pack 3
* Microsoft Producer for PowerPoint
Immune Systems:
* Microsoft Windows Live Movie Maker (downloadable component for Windows 7)
An exploitable vulnerability was found in Windows Movie Maker, which can be triggered by a remote attacker by sending a specially crafted .MSWMM file and enticing the user to open it. This vulnerability results in a write access violation and can lead to remote code execution.
The root cause lies in the function IsValidWMToolsStream(), in which *pbuffer is used twice with two different sizes. The first size is an internal value; the second size is read from the MSWMM file, and pbuffer is not re-allocated before it is re-used. If the size read from the file is larger than the initial internal value, the result is a heap buffer overrun.
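The following C is an added illustration of the bug class described above, not code from Core Security, Microsoft or Movie Maker: a buffer is allocated from an internal constant and later filled with a length taken from the file. The stream layout (4-byte little-endian length then payload), INITIAL_SIZE and all function names are assumptions.

```c
/* Models the pattern behind the advisory: a buffer sized from an internal
 * constant is later filled using a length read from the input file.
 * The stream layout is a constructed, hypothetical format, not MSWMM. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define INITIAL_SIZE 64u  /* hypothetical internal size of the first allocation */

/* Constructed sample streams (not real MSWMM data). */
const uint8_t STREAM_FITS[4 + 16]     = { 16, 0, 0, 0 };     /* declares 16 bytes: fits */
const uint8_t STREAM_TOO_BIG[4 + 200] = { 200, 0, 0, 0 };    /* declares 200 > INITIAL_SIZE */
const uint8_t STREAM_LIES[8]          = { 0xFF, 0xFF, 0, 0 }; /* declares 65535, file has 4 */

/* Read the 4-byte little-endian length field at the start of the stream. */
static uint32_t read_u32le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Mirrors the faulty logic: 1 if copying the file-declared length into the
 * INITIAL_SIZE buffer would overrun it, 0 if not, -1 on a truncated header.
 * The unsafe copy itself is deliberately not performed, only modelled. */
int would_overrun(const uint8_t *stream, size_t stream_len) {
    if (stream_len < 4) return -1;
    return read_u32le(stream) > INITIAL_SIZE;
}

/* Hardened reader: validates the declared length against the bytes actually
 * present and against the buffer capacity, growing the buffer when needed.
 * Returns payload bytes copied, or 0 when the stream is rejected. */
size_t read_stream_safe(const uint8_t *stream, size_t stream_len,
                        uint8_t **buf, size_t *cap) {
    if (stream_len < 4) return 0;
    uint32_t declared = read_u32le(stream);
    if (declared > stream_len - 4) return 0;   /* claims more than the file holds */
    if (declared > *cap) {                     /* re-allocate before re-use */
        uint8_t *grown = realloc(*buf, declared);
        if (!grown) return 0;
        *buf = grown;
        *cap = declared;
    }
    memcpy(*buf, stream + 4, declared);
    return declared;
}

/* Convenience wrapper: run the hardened reader from a fresh INITIAL_SIZE buffer. */
size_t safe_read_count(const uint8_t *stream, size_t stream_len) {
    size_t cap = INITIAL_SIZE;
    uint8_t *buf = malloc(cap);
    if (!buf) return 0;
    size_t n = read_stream_safe(stream, stream_len, &buf, &cap);
    free(buf);
    return n;
}
```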
Patch Availability:
Microsoft has addressed the vulnerability in Movie Maker by issuing an update located at:
http://www.microsoft.com/technet/security/Bulletin/MS10-016.mspx
The security update for Microsoft Producer 2003 is unavailable at this time.
Workaround:
Avoid opening .MSWMM Movie Maker files or .MSProducer Microsoft Producer files from untrusted sources.
Remove the Movie Maker .MSWMM file association and/or remove the Microsoft Producer 2003 .MSProducer, .MSProducerZ, and .MSProducerBF file associations.
Replace Microsoft Producer with a new version when it comes out or with the current Beta version.
CVE Information:
CVE-2010-0265
Disclosure Timeline:
2009-08-14: Microsoft notified
2009-08-14: The Microsoft team acknowledges receipt of the report.
2010-03-09: Microsoft Security Bulletin MS10-016 is released, which fixes the vulnerability in Movie Maker.
2010-03-09: The advisory CORE-2009-0813 is published as user release.