MS Windows Indeo Codec Remote Code Execution Vulnerability (2661637) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS12-014.

Impact

Successful exploitation allows an attackers to load arbitrary libraries by tricking a user into opening an AVI file located on a remote WebDAV or SMB share via an application using the filter. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms12-014

Insight

The flaw is due to an error in 'Indeo' filter, it is loading libraries (e.g. iacenc.dll) in an insecure manner.

Affected

Microsoft Windows XP Service Pack 3 and prior.

References

http://secunia.com/advisories/41114/
http://securitytracker.com/id/1026683
http://support.microsoft.com/kb/2661637
http://technet.microsoft.com/en-us/security/bulletin/ms12-014

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3138

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Internet Explorer Vector Markup Language Remote Code Execution Vulnerability (2544521)
Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)
Checks for MS HOTFIX for snmp buffer overruns
ISA Server 2000 and Proxy Server 2.0 Internet Content Spoofing (888258)
Microsoft Group Policy Remote Code Execution Vulnerability (3000483)

Take action and discover your vulnerabilities