HighIBM Security Server Protection for Windows, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Network IDS, RealSecure Network, RealSecure Server Sensor, Proventia Desktop, Proventia Network IPS, Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology:
This event is signalled on the network transfer of a Microsoft Movie Maker file or Microsoft Producer 2003 file containing data that could cause an overflow of an allocated buffer in memory and execute arbitrary code specified by an attacker.
High
IBM Security Server Protection for Windows: 2.0.300.2490, IBM Security Server Protection for Windows: 2.1.14.2490, Proventia Network MFS: XPU 30.030, Proventia-G 1.1 and earlier: XPU 30.030, Proventia Network IDS: XPU 30.030, RealSecure Network: XPU 30.030, RealSecure Server Sensor: XPU 30.030, Proventia Desktop: 2490, Proventia Network IPS: XPU 30.030, Virtual Server Protection for Vmware: XPU 30.030, Proventia Server IPS for Linux technology: 30.030
Microsoft Windows XP: SP2, Microsoft PowerPoint: 2003, Microsoft Windows Vista, Microsoft Windows Vista: x64, Microsoft Windows XP: SP2 x64 Professional, Microsoft Windows Vista: SP1, Microsoft Windows Vista: SP1 x64, Microsoft Windows XP: SP3, Microsoft Windows Vista: SP2 x64, Microsoft Windows Vista: SP2, Microsoft Windows 7, Microsoft Movie Maker: 2.1, Microsoft Movie Maker: 6.0, Microsoft Movie Maker: 2.6, Microsoft Producer: 2003
Unauthorized Access Attempt
Microsoft Movie Maker and Microsoft Producer are vulnerable to a buffer overflow, caused by improper bounds checking when parsing malicious Movie Maker (.mswmm) or Producer files. By persuading a victim to open a specially-crafted Movie Maker or Producer project file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.
— OR —
Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.
Microsoft Security Bulletin MS10-016
Vulnerability in Microsoft Movie Maker Could Allow Remote Code Execution (975561)
http://www.microsoft.com/technet/security/bulletin/ms10-016.mspx
IBM Internet Security Systems Protection Alert
Microsoft Movie Maker Buffer Overflow
http://www.iss.net/threats/362.html
Microsoft Security Bulletin MS10-050
Vulnerability in Movie Maker Could Allow Remote Code Execution (981997)
http://www.microsoft.com/technet/security/bulletin/ms10-050.mspx
Offensive Security Exploit Database [09-4-2010]
MOAUB #4 - Movie Maker Remote Code Execution (MS10-016)
http://www.exploit-db.com/exploits/14886/
Microsoft Security Bulletin MS10-093
Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (2424434)
http://www.microsoft.com/technet/security/bulletin/ms10-093.mspx
ISS X-Force
Microsoft Movie Maker and and Microsoft Producer buffer overflow
http://www.iss.net/security_center/static/56460.php
CVE
CVE-2010-0265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0265