---------------------------------------------------------------------- Use WSUS to deploy 3rd party patches Public BETA http://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/ ---------------------------------------------------------------------- TITLE: Microsoft Windows Movie Maker Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA38791 VERIFY ADVISORY: http://secunia.com/advisories/38791/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the bundled Movie Maker application when parsing project files. This can be exploited to cause a buffer overflow when viewing a specially crafted file. Successful exploitation may allow execution of arbitrary code. NOTE: Systems running Windows 7 do not bundle Movie Maker and are, therefore, not affected by default. SOLUTION: Apply patches. Windows XP SP2/SP3 and Movie Maker 2.1: http://www.microsoft.com/downloads/details.aspx?familyid=6301E462-02BE-4B9A-BAE9-7C4821B42D2D Windows XP Professional x64 Edition SP2 and Movie Maker 2.1: http://www.microsoft.com/downloads/details.aspx?familyid=CAE81585-D0DF-41B8-9277-CA02F1265056 Windows Vista (optionally with SP1/SP2) and Movie Maker 6.0: http://www.microsoft.com/downloads/details.aspx?familyid=AE2E9B75-1616-4FE3-91BB-E2E28252FF1C Windows Vista (optionally with SP1/SP2) and Movie Maker 2.6: http://www.microsoft.com/downloads/details.aspx?familyid=CA2D1118-CA64-419D-86AF-9396E61B90B0 Windows Vista x64 Edition (optionally with SP1/SP2) and Movie Maker 6.0: http://www.microsoft.com/downloads/details.aspx?familyid=E27F353E-DEB6-4D61-8808-C751D20A42A1 Windows Vista x64 Edition (optionally with SP1/SP2) and Movie Maker 2.6: http://www.microsoft.com/downloads/details.aspx?familyid=6A1F4126-97F2-4AEE-BFE1-05BD13A0667B Windows 7 for 32-bit Systems and Movie Maker 2.6: http://www.microsoft.com/downloads/details.aspx?familyid=822254EB-2EA6-47A5-B5F8-45EF8EE53447 Windows 7 for x64-based Systems and Movie Maker 2.6: http://www.microsoft.com/downloads/details.aspx?familyid=0FBF3063-1C2D-408C-A7B5-0C5857593C6F NOTE: Some links may not currently work as this advisory was rushed since information about the upcoming Microsoft security bulletins was purposefully leaked by a third party. PROVIDED AND/OR DISCOVERED BY: Currently not available as this advisory was rushed since information about the upcoming Microsoft security bulletins was purposefully leaked by a third party. ORIGINAL ADVISORY: MS10-016 (KB975561): http://www.microsoft.com/technet/security/bulletin/ms10-016.mspx NOTE: The link may not currently work as this advisory was rushed since information about the upcoming Microsoft security bulletins was purposefully leaked by a third party. ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------