Microsoft Windows Media Player Network Sharing Remote Code Execution Vulnerability (2281679) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS10-075.

Impact

Successful exploitation could allow remote attackers to take control of a vulnerable system via specially crafted packets. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/Bulletin/MS10-075.mspx

Insight

The flaw is caused by a use-after-free error in the Windows Media Player Network Sharing Service 'wmpnetwk.exe' when processing Real Time Streaming Protocol (RTSP) packets.

Affected

Microsoft Windows 7 Microsoft Windows Vista Service Pack 2 and prior.

References

http://support.microsoft.com/kb/2281679
http://www.vupen.com/english/advisories/2010/2622

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3225

CVSS	Base Score: 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft .NET Framework Authentication Bypass and Spoofing Vulnerabilities (2836440)
Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)
Microsoft Internet Explorer mshtml.dll Remote Memory Corruption Vulnerability (942615)
Microsoft GDI+ Remote Code Execution Vulnerability (2489979)
Cumulative Security Update for Internet Explorer (953838)

Take action and discover your vulnerabilities