Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391) |
Informations | |||
---|---|---|---|
Name | MS12-004 | First vendor Publication | 2012-01-10 |
Vendor | Microsoft | Last vendor Modification | 2012-07-31 |
Severity (Vendor) | Critical | Revision | 1.3 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.3 (July 31, 2012): Bulletin revised to announce a detection change in the Windows Vista packages for KB2631813 and KB2598479 to correct a Windows Update reoffering issue. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action. |
Original Source
Url : http://technet.microsoft.com/en-us/security/bulletin/ms12-004 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:14337 | |||
Oval ID: | oval:org.mitre.oval:def:14337 | ||
Title: | MIDI Remote Code Execution Vulnerability | ||
Description: | Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0003 | Version: | 6 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14832 | |||
Oval ID: | oval:org.mitre.oval:def:14832 | ||
Title: | DirectShow Remote Code Execution Vulnerability | ||
Description: | Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0004 | Version: | 7 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
SAINT Exploits
Description | Link |
---|---|
Windows Media MIDI Invalid Channel | More info here |
ExploitDB Exploits
id | Description |
---|---|
2012-01-28 | MS12-004 midiOutPlayNextPolyEvent Heap Overflow |
OpenVAS Exploits
Date | Description |
---|---|
2012-01-11 | Name : Microsoft Windows Media Could Allow Remote Code Execution Vulnerabilities (26... File : nvt/secpod_ms12-004.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
78211 | Microsoft Windows Line21 DirectShow Filter Media File Handling Remote Code Ex... Microsoft Windows contains a flaw related to the Line21 DirectShow Filter. The issue is triggered when a context-dependent attacker supplies a specially crafted media file. This may allow an attacker to execute arbitrary code. |
78210 | Microsoft Windows Multimedia Library (winmm.dll) MIDI File Handling Remote Co... Microsoft Windows contains a flaw related to the Multimedia Library. The issue is triggered when a context-dependent attacker supplies a specially crafted MIDI file. This may allow an attacker to execute arbitrary code. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2012-01-12 | IAVM : 2012-A-0005 - Multiple Remote Code Execution Vulnerabilities in Microsoft Windows Media Severity : Category II - VMSKEY : V0031000 |
Snort® IPS/IDS
Date | Description |
---|---|
2015-04-07 | Microsoft Windows Media MIDI file memory corruption attempt RuleID : 33684 - Revision : 3 - Type : FILE-OTHER |
2014-01-10 | Gong Da exploit kit possible jar download RuleID : 27706 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Gong Da exploit kit Java exploit requested RuleID : 27705 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Gong Da exploit kit Java exploit requested RuleID : 27704 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Gong Da exploit kit plugin detection RuleID : 27703 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Gong Da exploit kit landing page RuleID : 27702 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Gong Da Jar file download RuleID : 27701 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Gong Da exploit kit redirection page received RuleID : 26013 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Microsoft Windows Media MIDI file memory corruption attempt RuleID : 24003 - Revision : 8 - Type : FILE-OTHER |
2014-01-10 | Microsoft Windows Media MIDI file memory corruption attempt RuleID : 24002 - Revision : 8 - Type : FILE-OTHER |
2014-01-10 | Microsoft Windows Media MIDI file memory corruption attempt RuleID : 24001 - Revision : 8 - Type : FILE-OTHER |
2014-01-10 | Microsoft Windows Media MIDI file memory corruption attempt RuleID : 24000 - Revision : 8 - Type : FILE-OTHER |
2014-01-10 | Microsoft Windows Media MIDI file memory corruption attempt RuleID : 23999 - Revision : 8 - Type : FILE-OTHER |
2014-01-10 | Microsoft Windows Media MIDI file memory corruption attempt RuleID : 21167 - Revision : 10 - Type : FILE-OTHER |
2014-01-10 | Microsoft Windows Media MIDI file memory corruption attempt RuleID : 21159 - Revision : 10 - Type : FILE-OTHER |
2014-01-10 | Microsoft Windows DirectShow GraphEdt closed captioning memory corruption RuleID : 21078 - Revision : 7 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Windows Media MIDI file memory corruption attempt RuleID : 20900 - Revision : 14 - Type : FILE-OTHER |
2014-01-10 | Microsoft DirectShow Line 21 decoder exploit attempt RuleID : 20880 - Revision : 8 - Type : FILE-OFFICE |
Metasploit Database
id | Description |
---|---|
2012-01-10 | MS12-004 midiOutPlayNextPolyEvent Heap Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-01-10 | Name : Opening a specially crafted media file could result in arbitrary code execution. File : smb_nt_ms12-004.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2020-05-23 13:17:13 |
|
2016-04-26 23:05:35 |
|
2015-04-07 21:27:12 |
|
2014-02-17 11:47:13 |
|
2014-01-19 21:30:46 |
|
2013-11-11 12:41:26 |
|