Summary
This host is missing a critical security update according to Microsoft Bulletin MS09-037.
Impact
Successful exploitation could allow remote attacker execute arbitrary code on the vulnerable system.
Impact Level: System
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/MS09-037
Insight
The multiple flaws are due to:
- Bug in the ATL header that could allow reading a variant from a stream and leaving the variant type read with an invalid variant. When deleting the variant, it is possible to free unintended areas in memory that could be controlled by an attacker.
- Error in 'CComVariant::ReadFromStream()' function used in the ATL header.
This function does not properly restrict untrusted data read from a stream.
- An bug in the ATL headers that could allow an attacker to force VariantClear to be called on a VARIANT that has not been correctly initialized.
- Bugs in the ATL headers that handle instantiation of an object from data streams.
Affected
Windows Media Player 9/10/11
Microsoft Outlook Express 6 Service Pack 1
Microsoft Outlook Express 5.5 Service Pack 2
Microsoft Windows 2K Service Pack 4 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2003 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 1/2 and prior Microsoft Windows Server 2008 Service Pack 1/2 and prior
References
Severity
Classification
-
CVE CVE-2008-0015, CVE-2008-0020, CVE-2009-0901, CVE-2009-2493, CVE-2009-2494 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft DirectShow Remote Code Execution Vulnerability (2929961)
- Microsoft Ancillary Function Driver Elevation of Privilege Vulnerability (956803)
- Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability (2265906)
- Flaw in Microsoft VM Could Allow Code Execution (810030)
- Microsoft .NET Common Language Runtime Code Execution Vulnerability (974378)