| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS10-052 | Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (2115168) | Windows Server | Critical | 11-08-2010 |
Technical Information
Brief overview of the risk:
This security update resolves a privately reported vulnerability in Microsoft MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content.
Detailed Information on the risk:
A remote code execution vulnerability exists in the way that Microsoft DirectShow MP3 filter handles supported format files. This vulnerability could allow code execution if a user opened a specially crafted audio file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.
Further information on this exploit is available at : MS10-052
Affected Software
Windows Server 2003 Service Pack 2Windows Server 2003 x64 Edition Service Pack 2
Windows XP Professional x64 Edition Service Pack 2
Windows XP Service Pack 3