MS Windows Indeo Codec Remote Code Execution Vulnerability (2661637) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS12-014.

Impact

Successful exploitation allows an attackers to load arbitrary libraries by tricking a user into opening an AVI file located on a remote WebDAV or SMB share via an application using the filter. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms12-014

Insight

The flaw is due to an error in 'Indeo' filter, it is loading libraries (e.g. iacenc.dll) in an insecure manner.

Affected

Microsoft Windows XP Service Pack 3 and prior.

References

http://secunia.com/advisories/41114/
http://securitytracker.com/id/1026683
http://support.microsoft.com/kb/2661637
http://technet.microsoft.com/en-us/security/bulletin/ms12-014

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3138

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft .NET Framework Privilege Elevation Vulnerability (3005210)
Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerability (944533)
Cumulative Security Update for Internet Explorer (939653)
Microsoft Excel Remote Code Execution Vulnerability (956416)
Host Integration Server RPC Service Remote Code Execution Vulnerability (956695)

Take action and discover your vulnerabilities