| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS11-015 | Vulnerabilities in Windows Media Could Allow Remote Code Execution (2510030) | Windows XP | Critical | 09-03-2011 |
Technical Information
Brief overview of the risk:
This security update resolves one publicly disclosed vulnerability in DirectShow and one privately reported vulnerability in Windows Media Player and Windows Media Center. The more severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Digital Video Recording (.dvr-ms) file.
Detailed Information on the risk:
A remote code execution vulnerability exists in the way that Windows Media Player and Windows Media Center handle .dvr-ms files. This vulnerability could allow an attacker to execute arbitrary code if the attacker convinces a user to open a specially crafted .dvr-ms file. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Further information on this exploit is available at : MS11-015
Affected Software
Windows XP Media Center Edition 2005 Service Pack 3Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1