Summary
| Detail | |||
|---|---|---|---|
| Vendor | Microsoft | First view | 2010-03-10 |
| Product | Windows Movie Maker | Last view | 2013-12-29 |
| Version | 2.1 | Type | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 4.3 | 2013-12-29 | CVE-2013-4858 | Microsoft Windows Movie Maker 2.1.4026.0 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) via a crafted .wav file, as demonstrated by movieMaker.wav. |
| 9.3 | 2010-12-16 | CVE-2010-3967 | Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka "Insecure Library Loading Vulnerability." |
| 9.3 | 2010-08-11 | CVE-2010-2564 | Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability." |
| 9.3 | 2010-03-10 | CVE-2010-0265 | Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability." |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 33% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 33% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 33% (1) | CWE-20 | Improper Input Validation |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:8595 | Movie Maker and Producer Buffer Overflow Vulnerability |
| oval:org.mitre.oval:def:12011 | Movie Maker Memory Corruption Vulnerability |
| oval:org.mitre.oval:def:12250 | Insecure Library Loading Vulnerability |
SAINT Exploits
| Description | Link |
|---|---|
| Microsoft Windows Movie Maker IsValidWMToolsStream buffer overflow | More info here |
| Microsoft Windows Movie Maker MediaClipString Buffer Overflow | More info here |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 67543 | Microsoft Windows Movie Maker Path Subversion Arbitrary OCX Injection Code Ex... |
| 66986 | Microsoft Windows Movie Maker Imported Projector File (.MSWMM) String Parsing... |
| 62811 | Microsoft Windows Movie Maker / Producer IsValidWMToolsStream() Function Proj... |
ExploitDB Exploits
| id | Description |
|---|---|
| 14886 | MOAUB #4 - Movie Maker Remote Code Execution (MS10-016) |
OpenVAS Exploits
| id | Description |
|---|---|
| 2010-12-15 | Name : Microsoft Windows Movie Maker Could Allow Remote Code Execution Vulnerability... File : nvt/secpod_ms10-093.nasl |
| 2010-08-11 | Name : Microsoft Windows Movie Maker Could Allow Remote Code Execution Vulnerability... File : nvt/secpod_ms10-050.nasl |
| 2010-03-10 | Name : Microsoft Windows Movie Maker Could Allow Remote Code Execution Vulnerability... File : nvt/secpod_ms10-016.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2010-B-0114 | Microsoft Windows Movie Maker Remote Code Execution Vulnerability Severity: Category II - VMSKEY: V0025863 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2018-02-27 | Microsoft Windows Movie Maker project file heap buffer overflow attempt RuleID : 45554 - Type : FILE-MULTIMEDIA - Revision : 1 |
| 2018-02-27 | Microsoft Windows Movie Maker project file heap buffer overflow attempt RuleID : 45553 - Type : FILE-MULTIMEDIA - Revision : 1 |
| 2016-03-15 | Microsoft Windows Movie Maker project file heap buffer overflow attempt RuleID : 37663 - Type : FILE-MULTIMEDIA - Revision : 1 |
| 2014-01-10 | Microsoft Windows Movie Maker project file heap buffer overflow attempt RuleID : 19956 - Type : FILE-MULTIMEDIA - Revision : 15 |
| 2014-01-10 | Microsoft Windows Movie Maker string size overflow attempt RuleID : 19063 - Type : FILE-MULTIMEDIA - Revision : 16 |
| 2014-01-10 | Microsoft Movie Maker hhctrl.ocx dll-load attempt RuleID : 18211 - Type : OS-WINDOWS - Revision : 9 |
| 2014-01-10 | Microsoft Movie Maker hhctrl.ocx dll-load attempt RuleID : 18210 - Type : OS-WINDOWS - Revision : 10 |
| 2014-01-10 | Microsoft Windows Movie Maker string size overflow attempt RuleID : 17135 - Type : FILE-MULTIMEDIA - Revision : 16 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2010-12-15 | Name: The remote Windows host is affected by a remote code execution vulnerability. File: smb_nt_ms10-093.nasl - Type: ACT_GATHER_INFO |
| 2010-08-11 | Name: Arbitrary code can be executed on the remote host through Windows Movie Maker. File: smb_nt_ms10-050.nasl - Type: ACT_GATHER_INFO |
| 2010-03-09 | Name: Arbitrary code can be executed on the remote host through Windows Movie Maker. File: smb_nt_ms10-016.nasl - Type: ACT_GATHER_INFO |
