ID CVE-2011-0032
Summary Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability."
References
Vulnerable Configurations
  • Microsoft Windows 7
    cpe:2.3:o:microsoft:windows_7
  • Microsoft Windows 7 64-bit Service Pack 1 (initial release)
    cpe:2.3:o:microsoft:windows_7:-:sp1:x64
  • Microsoft Windows 7 x86 Service Pack 1
    cpe:2.3:o:microsoft:windows_7:-:sp1:x86
  • Windows Server 2008 R2 for 32-bit Systems
    cpe:2.3:o:microsoft:windows_server_2008:r2:-:x64
  • Microsoft Windows Server 2008 R2 Service Pack 1 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:x64
  • Microsoft Windows Vista Service Pack 1 (initial release)
    cpe:2.3:o:microsoft:windows_vista:-:sp1
  • Microsoft Windows Vista Service Pack 1 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_vista:-:sp1:x64
  • Microsoft Windows Vista Service Pack 2
    cpe:2.3:o:microsoft:windows_vista:-:sp2
  • Microsoft Windows Vista Service Pack 2 x64 (64-bit)
    cpe:2.3:o:microsoft:windows_vista:-:sp2:x64
  • cpe:2.3:a:microsoft:windows_media_center_tv_pack
    cpe:2.3:a:microsoft:windows_media_center_tv_pack
  • cpe:2.3:o:microsoft:windows_vista:-:x32
    cpe:2.3:o:microsoft:windows_vista:-:x32
  • cpe:2.3:o:microsoft:windows_vista:-:x64
    cpe:2.3:o:microsoft:windows_vista:-:x64
CVSS
Base: 9.3 (as of 10-03-2011 - 09:23)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
msbulletin via4
bulletin_id MS11-015
bulletin_url
date 2011-03-08T00:00:00
impact Remote Code Execution
knowledgebase_id 2510030
knowledgebase_url
severity Critical
title Vulnerabilities in Windows Media Could Allow Remote Code Execution
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS11-015.NASL
description The remote Windows host has at least one of the following vulnerabilities in Media Player or Media Center : - DirectShow does not adequately restrict the path used for loading external libraries. A remote attacker could exploit this by tricking a user into opening a specially crafted file, resulting in arbitrary code execution. (CVE-2011-0032) - There is an unspecified code execution vulnerability when Media Player and Media Center attempt to open specially crafted .dvr-ms files.
last seen 2019-02-21
modified 2018-11-15
plugin id 52583
published 2011-03-08
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=52583
title MS11-015: Vulnerabilities in Windows Media Could Allow Remote Code Execution (2510030)
oval via4
accepted 2014-03-03T04:00:30.852-05:00
class vulnerability
contributors
  • name Dragos Prisaca
    organization Symantec Corporation
  • name Dragos Prisaca
    organization Symantec Corporation
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed
    oval oval:org.mitre.oval:def:4873
  • comment Microsoft Windows Vista x64 Edition Service Pack 1 is installed
    oval oval:org.mitre.oval:def:5254
  • comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed
    oval oval:org.mitre.oval:def:6124
  • comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed
    oval oval:org.mitre.oval:def:5594
  • comment Microsoft Windows 7 (32-bit) is installed
    oval oval:org.mitre.oval:def:6165
  • comment Microsoft Windows 7 x64 Edition is installed
    oval oval:org.mitre.oval:def:5950
  • comment Microsoft Windows Server 2008 R2 x64 Edition is installed
    oval oval:org.mitre.oval:def:6438
  • comment Microsoft Windows 7 (32-bit) Service Pack 1 is installed
    oval oval:org.mitre.oval:def:12292
  • comment Microsoft Windows 7 x64 Service Pack 1 is installed
    oval oval:org.mitre.oval:def:12627
  • comment Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed
    oval oval:org.mitre.oval:def:12567
description Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability."
family windows
id oval:org.mitre.oval:def:12506
status accepted
submitted 2011-03-08T14:00:00
title DirectShow Insecure Library Loading Vulnerability
version 73
refmap via4
bid 46682
cert TA11-067A
ms MS11-015
osvdb 71015
sectrack 1025170
secunia 43626
vupen ADV-2011-0615
Last major update 04-10-2011 - 22:51
Published 09-03-2011 - 18:00
Last modified 30-10-2018 - 12:27
Back to Top