Microsoft Windows Media Center Remote Code Execution Vulnerabilities (2604926) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS11-076.

Impact

Successful exploitation could allow attackers to execute arbitrary code in the context of the user running the application. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms11-076

Insight

The flaw is due to Windows Media Player improperly restricting the path used when loading external libraries.

Affected

Microsoft Windows 7 Service Pack 1 and prior. Microsoft Windows Vista Service Pack 2 and prior. Microsoft Windows Media Center TV Pack for Windows Vista.

References

http://secunia.com/advisories/46404
http://support.microsoft.com/kb/2579686
http://support.microsoft.com/kb/2579692
http://technet.microsoft.com/en-us/security/bulletin/ms11-076

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-2009

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Cumulative Security Update for Internet Explorer (933566)
Microsoft DirectShow Remote Code Execution Vulnerability (2929961)
Microsoft Antimalware Client Privilege Elevation Vulnerability (2823482)
ISA Server 2000 and Proxy Server 2.0 Internet Content Spoofing (888258)
Cumulative Security Update for Internet Explorer (972260)

Take action and discover your vulnerabilities