Executive Summary

Summary
Title : Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)
Information
Name : MS12-004
First vendor Publication : 2012-01-10
Vendor : Microsoft
Last vendor Modification : 2012-07-31
Severity (Vendor) : Critical
Revision : 1.3

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score : 9.3
Attack Range : Network
Cvss Impact Score : 10
Attack Complexity : Medium
Cvss Exploit Score : 8.6
Authentication : None Required

Detail

Revision Note: V1.3 (July 31, 2012): Bulletin revised to announce a detection change in the Windows Vista packages for KB2631813 and KB2598479 to correct a Windows Update reoffering issue. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.

Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted media file. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Original Source

Url : http://technet.microsoft.com/en-us/security/bulletin/ms12-004

CWE : Common Weakness Enumeration

id : CWE-20
Name : Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:14337
 
Oval ID: oval:org.mitre.oval:def:14337
Title: MIDI Remote Code Execution Vulnerability
Description: Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2012-0003
Version: 6
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s):
Definition Synopsis:

Definition Id: oval:org.mitre.oval:def:14832
 
Oval ID: oval:org.mitre.oval:def:14832
Title: DirectShow Remote Code Execution Vulnerability
Description: Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2012-0004
Version: 7
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type - Count
Application - 33
Os - 4
Os - 3
Os - 7
Os - 2
Os - 4

SAINT Exploits

Description : Windows Media MIDI Invalid Channel

ExploitDB Exploits

id - Description
2012-01-28 - MS12-004 midiOutPlayNextPolyEvent Heap Overflow

OpenVAS Exploits

Date - Description
2012-01-11 - Name : Microsoft Windows Media Could Allow Remote Code Execution Vulnerabilities (26...
File : nvt/secpod_ms12-004.nasl

Open Source Vulnerability Database (OSVDB)

id - Description
78211 - Microsoft Windows Line21 DirectShow Filter Media File Handling Remote Code Ex...
78210 - Microsoft Windows Multimedia Library (winmm.dll) MIDI File Handling Remote Co...

Information Assurance Vulnerability Management (IAVM)

Date - Description
2012-01-12 - IAVM : 2012-A-0005 - Multiple Remote Code Execution Vulnerabilities in Microsoft Windows Media
Severity : Category II - VMSKEY : V0031000

Snort® IPS/IDS

Date - Description
2014-01-10 - Gong Da exploit kit possible jar download
RuleID : 27706 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 - Gong Da exploit kit Java exploit requested
RuleID : 27705 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 - Gong Da exploit kit Java exploit requested
RuleID : 27704 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 - Gong Da exploit kit plugin detection
RuleID : 27703 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 - Gong Da exploit kit landing page
RuleID : 27702 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 - Gong Da Jar file download
RuleID : 27701 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 - Gong Da exploit kit redirection page received
RuleID : 26013 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 - Microsoft Windows Media MIDI file memory corruption attempt
RuleID : 24003 - Revision : 3 - Type : FILE-OTHER
2014-01-10 - Microsoft Windows Media MIDI file memory corruption attempt
RuleID : 24002 - Revision : 3 - Type : FILE-OTHER
2014-01-10 - Microsoft Windows Media MIDI file memory corruption attempt
RuleID : 24001 - Revision : 3 - Type : FILE-OTHER
2014-01-10 - Microsoft Windows Media MIDI file memory corruption attempt
RuleID : 24000 - Revision : 3 - Type : FILE-OTHER
2014-01-10 - Microsoft Windows Media MIDI file memory corruption attempt
RuleID : 23999 - Revision : 3 - Type : FILE-OTHER
2014-01-10 - Microsoft Windows Media MIDI file memory corruption attempt
RuleID : 21167 - Revision : 5 - Type : FILE-OTHER
2014-01-10 - Microsoft Windows Media MIDI file memory corruption attempt
RuleID : 21159 - Revision : 5 - Type : FILE-OTHER
2014-01-10 - Microsoft Windows DirectShow GraphEdt closed captioning memory corruption
RuleID : 21078 - Revision : 5 - Type : FILE-MULTIMEDIA
2014-01-10 - Microsoft Windows Media MIDI file memory corruption attempt
RuleID : 20900 - Revision : 8 - Type : FILE-OTHER
2014-01-10 - Microsoft DirectShow Line 21 decoder exploit attempt
RuleID : 20880 - Revision : 6 - Type : FILE-OFFICE

Metasploit Database

id - Description
2012-01-10 - MS12-004 midiOutPlayNextPolyEvent Heap Overflow

Nessus® Vulnerability Scanner

Date - Description
2012-05-09 - Name : The management agent installed on the remote Windows host has multiple vulner...
File : hp_insight_mgmt_agents_web_vulns.nasl - Type : ACT_GATHER_INFO
2012-01-10 - Name : Opening a specially crafted media file could result in arbitrary code execution.
File : smb_nt_ms12-004.nasl - Type : ACT_GATHER_INFO

Alert History

Date - Information
2014-02-17 11:47:13
  • Multiple Updates
2014-01-19 21:30:46
  • Multiple Updates
2013-11-11 12:41:26
  • Multiple Updates