Summary
This host is missing a critical security update according to Microsoft Bulletin MS12-004.
Impact
Successful exploitation will allow the attacker to execute arbitrary code in the context of the user running the application which can compromise the application and possibly the computer.
Impact Level: System/Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms12-004
Insight
- An unspecified error in the Windows multimedia library (winmm.dll) when parsing MIDI files can be exploited via a specially crafted file opened in Windows Media Player.
- An unspecified error exists in the Line21 DirectShow filter (Quartz.dll and Qdvd.dll) when parsing specially crafted media files.
Affected
Micorsoft Windows 7 Service Pack 1 and prior.
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Microsoft Windows Media Center TV Pack for Windows Vista.
References
Severity
Classification
-
CVE CVE-2012-0003, CVE-2012-0004 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Cumulative Security Update for Internet Explorer (950759)
- Microsoft .NET Common Language Runtime Code Execution Vulnerability (974378)
- Microsoft Group Policy Remote Code Execution Vulnerability (3000483)
- Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (2879017)
- Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerability (944533)