Executive Summary
| Summary | |
|---|---|
| Title | Vulnerability in Media Player Network Sharing Service Could Allow Remote Code Execution (2281679) |
| Informations | |||
|---|---|---|---|
| Name | MS10-075 | First vendor Publication | 2010-10-12 |
| Vendor | Microsoft | Last vendor Modification | 2010-10-12 |
| Severity (Vendor) | Critical | Revision | 1.0 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:H/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.6 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | High |
| Cvss Expoit Score | 4.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Revision Note: V1.0 (October 12, 2010): Bulletin published.Summary: This security update resolves a privately reported vulnerability in the Microsoft Windows Media Player Network Sharing Service. The vulnerability could allow remote code execution if an attacker sent a specially crafted RTSP packet to an affected system. However, Internet access to home media is disabled by default. In this default configuration, the vulnerability can be exploited only by an attacker within the same subnet. |
Original Source
| Url : http://www.microsoft.com/technet/security/bulletin/MS10-075.mspx |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:6684 | |||
| Oval ID: | oval:org.mitre.oval:def:6684 | ||
| Title: | RTSP Use After Free Vulnerability | ||
| Description: | Use-after-free vulnerability in the Media Player Network Sharing Service in Microsoft Windows Vista SP1 and SP2 and Windows 7 allows remote attackers to execute arbitrary code via a crafted Real Time Streaming Protocol (RTSP) packet, aka "RTSP Use After Free Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3225 | Version: | 3 |
| Platform(s): | Microsoft Windows Vista Microsoft Windows 7 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Os | 2 | |
| Os | 2 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-10-13 | Name : Microsoft Windows Media Player Network Sharing Remote Code Execution Vulnerab... File : nvt/secpod_ms10-075.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 68550 | Microsoft Windows Media Player Network Sharing Service RTSP Use-after-free Re... Microsoft Windows Media Player contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is caused due to a use-after-free error in the Network Sharing Service (wmpnetwk.exe) and can be exploited via a specially crafted Real Time Streaming Protocol (RTSP) packet. It allows execution of arbitrary code, but requires the Network Sharing Service is enabled. |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2010-10-14 | IAVM : 2010-A-0141 - Microsoft Windows Media Player Network Sharing Service Remote Code Execution ... Severity : Category II - VMSKEY : V0025520 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft Windows Media Player network sharing service RTSP code execution at... RuleID : 17753 - Revision : 15 - Type : FILE-MULTIMEDIA |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2010-10-13 | Name : It is possible to execute arbitrary code on the remote Windows host using the... File : smb_nt_ms10-075.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:46:43 |
|
| 2014-01-19 21:30:32 |
|
| 2013-11-11 12:41:18 |
|
