Microsoft DirectShow Remote Code Execution Vulnerability (961373) Network Vulnerability

Summary

This host has critical security update missing according to Microsoft Bulletin MS09-011.

Impact

Successful exploitation on remote vulnerable system allow arbitrary code execution and can potentially compromise a user's system. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms09-011.mspx

Insight

DirectX application throws an an error when decompressing MJPEG content, and can be exploited via a specially crafted MJPEG file.

Affected

DirectX 8.1 and 9.0 on Microsoft Windows 2000 DirectX 9.0 on Microsoft Windows XP and 2003

References

http://www.microsoft.com/technet/security/bulletin/ms09-011.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0084

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft .NET Framework Remote Code Execution Vulnerability (2706726)
Cumulative Security Update for Internet Explorer (928090)
Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)
Microsoft .NET Framework Open Data Protocol DOS Vulnerability (2769327)
Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerability (944533)

Take action and discover your vulnerabilities