[SingCERT] Microsoft Windows 'MPEG2TuneRequest' Object Remote Code Execution Vulnerability

[ Summary ]
Microsoft Windows is prone to a remote code-execution vulnerability.

This vulnerability affects the ‘MPEG2TuneRequest’ object and can be triggered when the object is instantiated with malformed input through the ‘data’ parameter. Attackers can exploit the vulnerability to execute arbitrary code by enticing a vulnerable user to visit a malicious site. The vulnerability is being exploited in the wild in limited attacks. Currently there are no patches released for this vulnerability.

[ Affected Systems ]

Microsoft Windows XP
Microsoft Windows XP 64-bit Edition
Microsoft Windows XP 64-bit Edition SP1
Microsoft Windows XP 64-bit Edition Version 2003
Microsoft Windows XP 64-bit Edition Version 2003 SP1
Microsoft Windows XP Gold
Microsoft Windows XP Home
Microsoft Windows XP Home SP1
Microsoft Windows XP Home SP2
Microsoft Windows XP Home SP3
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Media Center Edition SP1
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Media Center Edition SP3
Microsoft Windows XP Professional
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional SP2
Microsoft Windows XP Professional SP3
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional x64 Edition SP3
Microsoft Windows XP Professional x64 Edition SP2
Microsoft Windows XP Tablet PC Edition
Microsoft Windows XP Tablet PC Edition SP1
Microsoft Windows XP Tablet PC Edition SP2
Microsoft Windows XP Tablet PC Edition SP3

[ Solution/Workaround ]

Disable Active Scripting in Internet Explorer, or set the kill bit on the ActiveX control with CLSID:
0955AC62-BF2E-4CBA-A2B9-A63F772D46CF
Please see Microsoft support document 240797 for details on setting the kill bit for CLSIDs.
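
One way to apply the kill-bit workaround from an elevated PowerShell prompt. This is an added example, not part of the original advisory or of Microsoft's document. It assumes the registry location and flag value (Compatibility Flags = 0x400) described in support document 240797, and also covers the Wow6432Node view that 32-bit Internet Explorer reads on 64-bit Windows.

```powershell
# Added example: set the Internet Explorer kill bit for the CLSID in this advisory.
# Assumes the key layout and flag value documented in Microsoft KB 240797.
$Clsid    = '{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}'   # CLSID from the advisory
$KillBit  = 0x00000400                                  # kill-bit flag
$FlagName = 'Compatibility Flags'

# Native registry view, plus the 32-bit view present only on 64-bit Windows.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

foreach ($Root in $Roots) {
    # Skip a view that does not exist on this system (e.g. Wow6432Node on 32-bit XP).
    if (-not (Test-Path (Split-Path $Root -Parent))) { continue }

    $Key = Join-Path $Root $Clsid
    if (-not (Test-Path $Key)) {
        New-Item -Path $Key -Force | Out-Null
    }

    # Preserve any compatibility flags already present and OR in the kill bit.
    $Current = 0
    $Props = Get-ItemProperty -Path $Key -Name $FlagName -ErrorAction SilentlyContinue
    if ($Props -ne $null) { $Current = [int]$Props.$FlagName }
    $New = $Current -bor $KillBit

    New-ItemProperty -Path $Key -Name $FlagName -PropertyType DWord `
        -Value $New -Force | Out-Null

    # Read the value back and confirm the kill bit is set.
    $Check = [int](Get-ItemProperty -Path $Key -Name $FlagName).$FlagName
    if (($Check -band $KillBit) -eq $KillBit) {
        Write-Output ("Kill bit set: {0} (flags = 0x{1:X8})" -f $Key, $Check)
    } else {
        Write-Error ("Kill bit NOT set: {0}" -f $Key)
    }
}
```

Restart Internet Explorer after running the script so the control is no longer instantiated.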

Users should also exercise caution while accessing untrusted sites and not follow links from unknown sources.


[ Reference ]

http://support.microsoft.com/kb/240797