Microsoft Windows Media Player/Windows Media Center '.dvr-ms' File Code Execution Vulnerability

Vulnerability Cause
Design error
Severity

 
Affected Systems
Microsoft Windows XP Tablet PC Edition SP3
Microsoft Windows XP Tablet PC Edition SP2
Microsoft Windows XP Tablet PC Edition SP1
Microsoft Windows XP Tablet PC Edition 
Microsoft Windows XP Service Pack 3 0
Microsoft Windows XP Professional x64 Edition SP2
Microsoft Windows XP Professional x64 Edition 
Microsoft Windows XP Professional SP3
Microsoft Windows XP Professional SP2
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional 
Microsoft Windows XP Media Center Edition SP3
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Media Center Edition SP1
Microsoft Windows XP Media Center Edition 
Microsoft Windows XP Home SP3
Microsoft Windows XP Home SP2
Microsoft Windows XP Home SP1
Microsoft Windows XP Home 
Microsoft Windows XP Gold 0
Microsoft Windows XP Embedded SP2 Feature Pack 2007 0
Microsoft Windows XP Embedded SP3
Microsoft Windows XP Embedded SP2
Microsoft Windows XP Embedded SP1
Microsoft Windows XP Embedded 
Microsoft Windows XP Gold Tablet Pc
Microsoft Windows XP Gold Professional
Microsoft Windows XP Gold Media Center
Microsoft Windows XP Gold Embedded
Microsoft Windows XP 0
Microsoft Windows XP – Gold X64
Microsoft Windows XP – Gold Home
Microsoft Windows XP – Gold 64-Bit-2002
Microsoft Windows Vista Ultimate 64-bit edition SP2
Microsoft Windows Vista Ultimate 64-bit edition SP1
Microsoft Windows Vista Ultimate 64-bit edition 0
Microsoft Windows Vista Home Premium 64-bit edition SP2
Microsoft Windows Vista Home Premium 64-bit edition SP1
Microsoft Windows Vista Home Premium 64-bit edition 0
Microsoft Windows Vista Home Basic 64-bit edition Sp2 X64
Microsoft Windows Vista Home Basic 64-bit edition SP2
Microsoft Windows Vista Home Basic 64-bit edition Sp1 X64
Microsoft Windows Vista Home Basic 64-bit edition SP1
Microsoft Windows Vista Home Basic 64-bit edition 0
Microsoft Windows Vista Enterprise 64-bit edition SP2
Microsoft Windows Vista Enterprise 64-bit edition SP1
Microsoft Windows Vista Enterprise 64-bit edition 0
Microsoft Windows Vista Ultimate SP2
Microsoft Windows Vista Ultimate SP1
Microsoft Windows Vista Ultimate
Microsoft Windows Vista SP2
Microsoft Windows Vista SP1
Microsoft Windows Vista Home Premium SP2
Microsoft Windows Vista Home Premium SP1
Microsoft Windows Vista Home Premium
Microsoft Windows Vista Home Basic SP2
Microsoft Windows Vista Home Basic SP1
Microsoft Windows Vista Home Basic
Microsoft Windows Vista Enterprise SP2
Microsoft Windows Vista Enterprise SP1
Microsoft Windows Vista Enterprise
Microsoft Windows Media Center TV Pack for Windows Vista 64-bit edition 0
Microsoft Windows Media Center TV Pack for Windows Vista 32-bit edition 0
Microsoft Windows 7 Ultimate 0
Microsoft Windows 7 Professional 0
Microsoft Windows 7 Home Premium 0
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 7 for x64-based Systems 0
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 7 for 32-bit Systems 0
 
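Unaffected Systems
 
Impact
A remote attacker can exploit this vulnerability to execute arbitrary code in the context of the application.
 
Attack Prerequisites
The attacker must craft a malicious .dvr-ms media file and entice a user to access it.
 
Vulnerability Information
Microsoft Windows Media Player is a popular media player; Microsoft Windows Media Services is a popular streaming media server.
When parsing Microsoft Digital Video Recording (.dvr-ms) media files, the Stream Buffer Engine (SBE.dll) provided by Microsoft Windows Media Player/Windows Media Center contains an unspecified error. A remote attacker can exploit this vulnerability to execute arbitrary code in the context of the application process.
 
Test Method
 
Vendor Solution
Users can refer to the following security patches provided by the vendor: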
Microsoft Windows Vista Home Premium SP2
Microsoft Windows6.1-KB2479943-x86.msu
http://www.microsoft.com/downloads/details.aspx?familyid=1BE77DAA-29B1-4DAE-A87F-2CB8F7E6A305
Microsoft Windows XP Media Center Edition SP3
Microsoft WindowsXP-KB2479943-x86-ENU.exe
http://www.microsoft.com/downloads/details.aspx?familyid=D8284BFA-ED6C-4647-9FB0-588E53173775
Microsoft Windows XP Professional x64 Edition SP2
Microsoft WindowsServer2003.WindowsXP-KB2479943-x64-ENU.exe
http://www.microsoft.com/downloads/details.aspx?familyid=5270B5D3-3720-42A2-A8CF-67089C0CC658
Microsoft Windows XP Tablet PC Edition SP3
Microsoft WindowsXP-KB2479943-x86-ENU.exe
http://www.microsoft.com/downloads/details.aspx?familyid=D8284BFA-ED6C-4647-9FB0-588E53173775
Microsoft Windows Vista SP1
Microsoft Windows6.0-KB2479943-x86.msu
http://www.microsoft.com/downloads/details.aspx?familyid=F9F1DDE2-2219-4BF1-A497-EDD011577B96
Microsoft Windows Vista SP2
Microsoft Windows6.0-KB2479943-x86.msu
http://www.microsoft.com/downloads/details.aspx?familyid=F9F1DDE2-2219-4BF1-A497-EDD011577B96
Microsoft Windows XP Home SP3
Microsoft WindowsXP-KB2479943-x86-ENU.exe
http://www.microsoft.com/downloads/details.aspx?familyid=D8284BFA-ED6C-4647-9FB0-588E53173775
Microsoft Windows Media Center TV Pack for Windows Vista 32-bit edition 0
Microsoft Security Update for Windows Vista Media Center TVPack 2008 (KB2494132)
http://www.microsoft.com/downloads/en/details.aspx?familyid=1BC240B3-1938-4350-B26F-67B81A79F8A0&displaylang=en
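
One way to confirm on a host that the updates listed above are present, as an added example that is not part of the original advisory or Microsoft's own tooling. The two KB numbers are taken from the patch list; the function name Get-DvrMsPatchStatus is hypothetical, and the location of SBE.dll under System32 is an assumption.

```powershell
# Added example. KB numbers come from the advisory's patch list;
# the function name and the SBE.dll path are assumptions.
$AdvisoryKbs = @{
    'KB2479943' = 'Windows XP / Vista / 7 update packages'
    'KB2494132' = 'Windows Vista Media Center TV Pack 2008 update'
}

function Get-DvrMsPatchStatus {
    param(
        # Hotfix IDs installed on the host, for example collected with Get-HotFix
        [string[]]$InstalledIds
    )
    foreach ($kb in ($AdvisoryKbs.Keys | Sort-Object)) {
        New-Object PSObject -Property @{
            HotFixId  = $kb
            AppliesTo = $AdvisoryKbs[$kb]
            Installed = ($InstalledIds -contains $kb)   # -contains is case-insensitive
        }
    }
}

# Collect installed hotfix IDs from the local machine and report on both KBs.
$installed = @(Get-HotFix -ErrorAction SilentlyContinue |
               ForEach-Object { $_.HotFixID })
Get-DvrMsPatchStatus -InstalledIds $installed |
    Format-Table HotFixId, Installed, AppliesTo -AutoSize

# Record the version of the stream buffer engine for the inventory.
# The advisory gives no fixed version number, so the value is only reported.
$sbe = Join-Path $env:SystemRoot 'System32\sbe.dll'   # assumed location
if (Test-Path $sbe) {
    $info = (Get-Item $sbe).VersionInfo
    '{0}  FileVersion={1}' -f $sbe, $info.FileVersion
} else {
    'sbe.dll not found at the assumed path; stream buffer engine may not be installed.'
}
```

KB2494132 applies only where the Media Center TV Pack is installed, so a missing entry for it on other hosts is expected.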
 
Credit
Matthew Watchinski of Sourcefire VRT
