Executive Summary
Summary | |
---|---|
Title | Vulnerability in Windows Media Player Could Allow Remote Code Execution (2378111) |
Informations | |||
---|---|---|---|
Name | MS10-082 | First vendor Publication | 2010-10-12 |
Vendor | Microsoft | Last vendor Modification | 2010-10-13 |
Severity (Vendor) | Important | Revision | 1.1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.1 (October 13, 2010): Corrected the download link in the Affected Software table for Windows Media Player 11 on Windows XP Professional x64 Edition Service Pack 2.Summary: This security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if Windows Media Player opened specially crafted media content hosted on a malicious Web site. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS10-082.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:6653 | |||
Oval ID: | oval:org.mitre.oval:def:6653 | ||
Title: | Windows Media Player Memory Corruption Vulnerability | ||
Description: | Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-2745 | Version: | 13 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Windows Media Player |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 4 |
OpenVAS Exploits
Date | Description |
---|---|
2010-10-13 | Name : Microsoft Windows Media Player Remote Code Execution Vulnerability (2378111)) File : nvt/secpod_ms10-082.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
68557 | Microsoft Windows Media Player Reload Operation Object Deallocation Memory Co... A memory corruption flaw exists in Windows Media Player. The flaw is caused due to an error in wmp.dll when deallocating objects during a reload operation and can be exploited to corrupt memory by tricking a user into visiting a specially crafted web page. It allows execution of arbitrary code, but requires that a user clicks through one or more pop-up dialog boxes |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2010-10-14 | IAVM : 2010-A-0140 - Microsoft Windows Media Player Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0025516 |
Snort® IPS/IDS
Date | Description |
---|---|
2020-09-19 | Microsoft Windows Media Player Firefox plugin memory corruption attempt RuleID : 54833 - Revision : 1 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Windows Media Player Firefox plugin memory corruption attempt RuleID : 17773 - Revision : 14 - Type : FILE-MULTIMEDIA |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-10-13 | Name : The remote Windows host has a media player that is affected by a code executi... File : smb_nt_ms10-082.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-04-26 23:01:48 |
|
2014-02-17 11:46:44 |
|
2013-11-11 12:41:19 |
|