<< Back
CVE Number Vulnerability Product Severity Date
MS11-092 Vulnerability in Windows Media Could Allow Remote Code Execution (2648048) Windows XP Critical 14-12-2011

Technical Information

Brief overview of the risk:
The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Digital Video Recording (.dvr-ms) file. In all cases, a user cannot be forced to open the file; for an attack to be successful, a user must be convinced to do so.
Detailed Information on the risk:

A remote code execution vulnerability exists in the way that Windows Media Player and Windows Media Center handle .dvr-ms files. This vulnerability could allow an attacker to execute arbitrary code if the attacker convinces a user to open a specially crafted .dvr-ms file. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


Further information on this exploit is available at : MS11-092

Affected Software

Windows XP Media Center Edition 2005 Service Pack 3 (KB2619340)
Windows XP Service Pack 3 (KB2619339)
Windows XP Professional x64 Edition Service Pack 2 (KB2619339)
Windows Vista Service Pack 2 (KB2619339)
Windows Vista x64 Edition Service Pack 2 (KB2619339)
Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1 (KB2619339)
Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1 (KB2619339)