APP: Microsoft Windows Media Service Remote Code Execution
This signature detects attempts to exploit a known vulnerability against Windows Media Service. A successful attack can allow attackers to take complete control of an affected system. Thereby enabling them to install programs; view, change, delete data; or create new accounts with full user rights.
Extended Description
Microsoft Windows Media Service is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Update (April 21, 2010): Microsoft reports that the patch released as MS10-025 does not resolve this issue. Microsoft intends to release a new fix in the following week; this BID will be updated as more information emerges. Update (April 27, 2010): Updated MS10-025 includes a new fix.
Affected Products
Nortel_networks self-service_media_processing_server,Microsoft windows_2000_professional
Short Name
APP:WINMEDIASRV-RCE
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
CVE-2010-0478 Code Execution Media Microsoft Remote Service Windows
Release Date
04/13/2010
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3725
Port
TCP/1755
False Positive
Unknown
Vendors
Nortel_networks
Microsoft
CVSS Score
9.3