<< Back
CVE Number Vulnerability Product Severity Date
MS10-033 Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902) Microsoft Windows Critical 09-06-2010

Technical Information

Brief overview of the risk:
This security update addresses two privately reported vulnerabilities for Microsoft software. This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Vista, and Windows 7, and Moderate for all supported editions of Windows Server 2003, Windows Server2008, and Windows Server 2008 R2.
Detailed Information on the risk:

A remote code execution vulnerability exists in the Microsoft Data Analyzer ActiveX Control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.


Further information on this exploit is available at : MS10-034

Affected Software

Microsoft Windows 2000 Service Pack 4
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 3
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Vista Service Pack 1
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1
Windows Vista x64 Edition Service Pack 2
Windows XP Professional x64 Edition Service Pack 2