|
 |
|
Windows Media Format Runtime ASF-Parsing Sicherheitslücken
|
|
|
|
|
Secunia Advisory:
|
SA28034
|
|
|
Herausgegeben:
|
2007-12-11
|
|
Last Update:
|
2007-12-13
|
|
|
Gefahrenstufe:
|
Sehr kritisch
|
|
Auswirkung:
|
Systemzugriff
|
|
Von Wo:
|
Aus dem Internet
|
|
Lösungsstatus:
|
Hersteller-Patch
|
|
| OS: | Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Storage Server 2003
Microsoft Windows Vista
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
|
| | Software: | Microsoft Windows Media Format Runtime 11.x
Microsoft Windows Media Format Runtime 7.x
Microsoft Windows Media Format Runtime 9.x
Microsoft Windows Media Services 9.x
|
| | CVE reference: | CVE-2007-0064 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Beschreibung:
IBM X-Force hat vier Sicherheitslücken in Windows Media Format Runtime / Windows Media Services gemeldet, die böswillige Personen ausnutzen können, um das System eines Benutzers zu kompromittieren.
Die Sicherheitslücken werden durch Begrenzungsfehler beim Parsen von ASF-Dateien (Advanced Systems Format) verursacht und können ausgenutzt werden, um Heap-basierte Pufferüberläufe zu verursachen, falls ein Benutzer eine speziell präparierte ASF-Datei in einer Anwendung betrachtet, welche die Komponente verwendet (z.B. Windows Media Player).
Eine erfolgreiche Ausnutzung könnte die Ausführung von beliebigem Code erlauben.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector.
Lösung:
Verwenden Sie die Patches.
Windows 2000 SP4 with Windows Media Format Runtime 7.1:
http://www.microsoft.com/downloads/de...=eecdf2ce-9aa7-4f0c-b62b-2fa7a32f369e
Windows 2000 SP4 with Windows Media Format Runtime 9:
http://www.microsoft.com/downloads/de...=eecdf2ce-9aa7-4f0c-b62b-2fa7a32f369e
Windows XP SP2 with Windows Media Format Runtime 9:
http://www.microsoft.com/downloads/de...=bece702a-6e61-433e-8275-20f4e84f2c92
Windows XP SP2 with Windows Media Format Runtime 9.5:
http://www.microsoft.com/downloads/de...=bece702a-6e61-433e-8275-20f4e84f2c92
Windows XP Professional x64 Edition (optionally with SP2) with Windows Media Format Runtime 9.5:
http://www.microsoft.com/downloads/de...=81f20b45-dfc7-4ddf-a4b4-6c0e9476ed51
Windows Server 2003 SP1/SP2 with Windows Media Format Runtime 9.5:
http://www.microsoft.com/downloads/de...=8fea7da8-a7f3-4786-97c2-fb5ea7018159
Windows Server 2003 x64 Edition (optionally with SP2) with Windows Media Format Runtime 9.5:
http://www.microsoft.com/downloads/de...=ffc69c76-02f1-4b15-8ec1-dab8c7e33bd4
Windows XP Professional x64 Edition (optionally with SP2) with Windows Media Format Runtime 9.5 x64 Edition:
http://www.microsoft.com/downloads/de...=72d2ca0e-da81-45ee-9321-4970b80f4a5a
Windows Server 2003 x64 Edition (optionally with SP2) with Windows Media Format Runtime 9.5 x64 Edition:
http://www.microsoft.com/downloads/de...=ffc69c76-02f1-4b15-8ec1-dab8c7e33bd4
Windows XP SP2 with Windows Media Format Runtime 11:
http://www.microsoft.com/downloads/de...=bece702a-6e61-433e-8275-20f4e84f2c92
Windows XP Professional x64 Edition (optionally with SP2) with Windows Media Format Runtime 11:
http://www.microsoft.com/downloads/de...=1037b224-ac89-4efd-b189-6f3da77a88e6
Windows Vista with Windows Media Format Runtime 11:
http://www.microsoft.com/downloads/de...=9a98ef96-bc2e-42b7-9a24-c82c8fb379db
Windows Vista x64 Edition with Windows Media Format Runtime 11:
http://www.microsoft.com/downloads/de...=3ce02c95-d695-4f14-9fb3-30c83a9cfb9c
Windows Server 2003 SP1/SP2 with Windows Media Services 9.1:
http://www.microsoft.com/downloads/de...=096711d4-ce01-45d0-9c2d-ebfa5c671b9f
Windows Server 2003 x64 Edition (optionally with SP2) with Windows Media Services 9.1 x64 Edition:
http://www.microsoft.com/downloads/de...=23c23800-5aaa-455b-96bf-4ead4dfdd95d
Gemeldet und/oder entdeckt von:
Ryan Smith und Alex Wheeler, ISS X-Force.
Änderungen:
2007-12-12: Weitere Informationen von IBM X-Force hinzugefügt.
2007-12-13: Link zum US-CERT hinzugefügt.
Original Advisory:
MS07-068 (KB941569 / KB944275):
http://www.microsoft.com/technet/security/Bulletin/MS07-068.mspx
IBM X-Force:
http://www.iss.net/threats/279.html
Andere Referenzen:
US-CERT VU#319385:
http://www.kb.cert.org/vuls/id/319385
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
280 Related Secunia Security Advisories, displaying 10
|
|
|
1. Microsoft SQL Server und MSDE Mehrere Sicherheitslücken
|
|
2. Microsoft Windows Explorer gespeicherte Suche Sicherheitslücke
|
|
3. Microsoft Windows DNS-Spoofing Sicherheitslücken
|
|
4. Microsoft Windows Pragmatic General Multicast Denial of Service
|
|
5. Microsoft Windows Active Directory Verarbeitung von LDAP-Anfragen Denial of Service
|
|
6. Microsoft Windows WINS Rechteerweiterung
|
|
7. Microsoft DirectX MJPEG/SAMI Sicherheitslücken
|
|
8. Microsoft Windows Spracherkennung Sicherheitsproblem
|
|
9. Apple Safari unter Windows Ausführung von Code
|
|
10. Microsoft Windows XP I2O Utility Filter Driver Ausweitung von Rechten
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
