ID CVE-2010-3225
Summary Use-after-free vulnerability in the Media Player Network Sharing Service in Microsoft Windows Vista SP1 and SP2 and Windows 7 allows remote attackers to execute arbitrary code via a crafted Real Time Streaming Protocol (RTSP) packet, aka "RTSP Use After Free Vulnerability."
References
Vulnerable Configurations
  • Microsoft Windows Vista Service Pack 1 (initial release)
    cpe:2.3:o:microsoft:windows_vista:-:sp1
  • Microsoft Windows Vista Service Pack 1 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_vista:-:sp1:x64
  • Microsoft Windows Vista Service Pack 2
    cpe:2.3:o:microsoft:windows_vista:-:sp2
  • Microsoft Windows Vista Service Pack 2 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_vista:-:sp2:x64
  • Microsoft Windows 7
    cpe:2.3:o:microsoft:windows_7
  • Microsoft Windows 7
    cpe:2.3:o:microsoft:windows_7
CVSS
Base: 7.6 (as of 14-10-2010 - 13:01)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
msbulletin via4
bulletin_id MS10-075
bulletin_url
date 2010-10-12T00:00:00
impact Remote Code Execution
knowledgebase_id 2281679
knowledgebase_url
severity Critical
title Vulnerability in Media Player Network Sharing Service Could Allow Remote Code Execution
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS10-075.NASL
description A use-after-free vulnerability exists in the Microsoft Windows Media Player Network Sharing Service installed on the remote host. By sending a specially crafted Real Time Streaming Protocol (RTSP) packet to the affected service, a remote attacker may be able to leverage this vulnerability to execute arbitrary code in the security context of the Network Service account.
last seen 2019-02-21
modified 2018-11-15
plugin id 49952
published 2010-10-13
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=49952
title MS10-075: Vulnerability in Media Player Network Sharing Service Could Allow Remote Code Execution (2281679)
oval via4
accepted 2010-11-29T04:00:13.552-05:00
class vulnerability
contributors
name Josh Turpin
organization Symantec Corporation
definition_extensions
  • comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed
    oval oval:org.mitre.oval:def:4873
  • comment Microsoft Windows Vista x64 Edition Service Pack 1 is installed
    oval oval:org.mitre.oval:def:5254
  • comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed
    oval oval:org.mitre.oval:def:6124
  • comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed
    oval oval:org.mitre.oval:def:5594
  • comment Microsoft Windows 7 (32-bit) is installed
    oval oval:org.mitre.oval:def:6165
  • comment Microsoft Windows 7 x64 Edition is installed
    oval oval:org.mitre.oval:def:5950
description Use-after-free vulnerability in the Media Player Network Sharing Service in Microsoft Windows Vista SP1 and SP2 and Windows 7 allows remote attackers to execute arbitrary code via a crafted Real Time Streaming Protocol (RTSP) packet, aka "RTSP Use After Free Vulnerability."
family windows
id oval:org.mitre.oval:def:6684
status accepted
submitted 2010-08-10T13:00:00
title RTSP Use After Free Vulnerability
version 68
refmap via4
cert TA10-285A
ms MS10-075
Last major update 04-10-2011 - 22:48
Published 13-10-2010 - 15:00
Last modified 30-10-2018 - 12:27
Back to Top