ID CVE-2012-0004
Summary Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:itanium:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:itanium:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:*:sp2:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_vista:*:sp2:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:2005:sp3:media_center:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:2005:sp3:media_center:*:*:*:*:*
CVSS
Base: 9.3 (as of 26-02-2019 - 14:04)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2012-05-21T04:00:09.846-04:00
class vulnerability
contributors
  • name Dragos Prisaca
    organization Symantec Corporation
  • name Josh Turpin
    organization Symantec Corporation
  • name Stelios Melachrinoudis
    organization The MITRE Corporation
definition_extensions
  • comment Microsoft Windows XP (x86) SP3 is installed
    oval oval:org.mitre.oval:def:5631
  • comment Microsoft Windows XP x64 Edition SP2 is installed
    oval oval:org.mitre.oval:def:4193
  • comment Microsoft Windows Server 2003 SP2 (x64) is installed
    oval oval:org.mitre.oval:def:2161
  • comment Microsoft Windows Server 2003 SP2 (x86) is installed
    oval oval:org.mitre.oval:def:1935
  • comment Microsoft Windows Server 2003 (ia64) SP2 is installed
    oval oval:org.mitre.oval:def:1442
  • comment Microsoft Windows Vista (32-bit) Service Pack 2 is installed
    oval oval:org.mitre.oval:def:6124
  • comment Microsoft Windows Vista x64 Edition Service Pack 2 is installed
    oval oval:org.mitre.oval:def:5594
  • comment Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
    oval oval:org.mitre.oval:def:5653
  • comment Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
    oval oval:org.mitre.oval:def:6216
  • comment Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
    oval oval:org.mitre.oval:def:6150
  • comment Microsoft Windows 7 (32-bit) is installed
    oval oval:org.mitre.oval:def:6165
  • comment Microsoft Windows 7 x64 Edition is installed
    oval oval:org.mitre.oval:def:5950
  • comment Microsoft Windows Server 2008 R2 x64 Edition is installed
    oval oval:org.mitre.oval:def:6438
  • comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
    oval oval:org.mitre.oval:def:5954
  • comment Microsoft Windows 7 (32-bit) Service Pack 1 is installed
    oval oval:org.mitre.oval:def:12292
  • comment Microsoft Windows 7 x64 Service Pack 1 is installed
    oval oval:org.mitre.oval:def:12627
  • comment Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed
    oval oval:org.mitre.oval:def:12567
  • comment Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed
    oval oval:org.mitre.oval:def:12583
description Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability."
family windows
id oval:org.mitre.oval:def:14832
status accepted
submitted 2012-01-10T13:00:00
title DirectShow Remote Code Execution Vulnerability
version 73
refmap via4
bid 51295
cert TA12-010A
ms MS12-004
sectrack 1026492
secunia 47485
Last major update 26-02-2019 - 14:04
Published 10-01-2012 - 21:55
Back to Top