Executive Summary
Summary | |
---|---|
Title | Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561) |
Informations | |||
---|---|---|---|
Name | MS10-016 | First vendor Publication | 2010-03-09 |
Vendor | Microsoft | Last vendor Modification | 2010-08-11 |
Severity (Vendor) | Important | Revision | 2.3 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V2.3 (August 11, 2010): Removed Windows Movie Maker 2.6 as an affected component on Windows 7.Summary: This security update addresses a privately reported vulnerability in Windows Movie Maker and Microsoft Producer 2003. Windows Live Movie Maker, which is available for Windows Vista and Windows 7, is not affected by this vulnerability. The vulnerability could allow remote code execution if an attacker sent a specially crafted Movie Maker or Microsoft Producer project file and convinced the user to open the specially crafted file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS10-016.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:8595 | |||
Oval ID: | oval:org.mitre.oval:def:8595 | ||
Title: | Movie Maker and Producer Buffer Overflow Vulnerability | ||
Description: | Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0265 | Version: | 10 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Movie Maker 2.1 Movie Maker 2.6 Movie Maker 6.0 Microsoft Producer 2003 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 | |
Os | 4 | |
Os | 3 |
SAINT Exploits
Description | Link |
---|---|
Microsoft Windows Movie Maker IsValidWMToolsStream buffer overflow | More info here |
ExploitDB Exploits
id | Description |
---|---|
2010-09-04 | MOAUB #4 - Movie Maker Remote Code Execution (MS10-016) |
OpenVAS Exploits
Date | Description |
---|---|
2010-03-10 | Name : Microsoft Windows Movie Maker Could Allow Remote Code Execution Vulnerability... File : nvt/secpod_ms10-016.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
62811 | Microsoft Windows Movie Maker / Producer IsValidWMToolsStream() Function Proj... A vulnerability was found in Windows Movie Maker and Microsoft Producer, which can be triggered by a remote attacker by sending a specially crafted file and enticing the user to open it. This vulnerability results in a write access violation and can lead to remote code execution. |
Snort® IPS/IDS
Date | Description |
---|---|
2018-02-27 | Microsoft Windows Movie Maker project file heap buffer overflow attempt RuleID : 45554 - Revision : 1 - Type : FILE-MULTIMEDIA |
2018-02-27 | Microsoft Windows Movie Maker project file heap buffer overflow attempt RuleID : 45553 - Revision : 1 - Type : FILE-MULTIMEDIA |
2016-03-15 | Microsoft Windows Movie Maker project file heap buffer overflow attempt RuleID : 37663 - Revision : 1 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Windows Movie Maker project file heap buffer overflow attempt RuleID : 19956 - Revision : 15 - Type : FILE-MULTIMEDIA |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-03-09 | Name : Arbitrary code can be executed on the remote host through Windows Movie Maker. File : smb_nt_ms10-016.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:46:29 |
|
2014-01-19 21:30:26 |
|