<< Back
CVE Number Vulnerability Product Severity Date
MS10-026 Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (977816) Windows Media Critical 14-04-2010

Technical Information

Brief overview of the risk:
This security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if Windows Media Player opened specially crafted media content hosted on a malicious Web site.
Detailed Information on the risk:

A remote code execution vulnerability exists in the Windows Media Player ActiveX control. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs or view, change, or delete data with full user rights.

Further information on this exploit is available at : MS10-027

Affected Software

Windows Media Player 9 Series (Microsoft Windows 2000 Service Pack 4)
Windows Media Player 9 Series (Windows XP Service Pack 2)
Windows Media Player 9 Series (Windows XP Service Pack 3)