Overview
» IDS/IPS Signatures
Security Sites
iPolicy Networks Security Advisory
 

Microsoft Windows MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability   
Date Discovered: 04/13/2009
Severity: High
Operating Systems Affected: Microsoft Windows 2000 SP4
Microsoft Windows XP SP2 & SP3
Microsoft Windows XP Professional x64 SP2
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 x64 SP2
Microsoft Windows Vista
Microsoft Windows Vista SP1 & SP2
Microsoft Windows Vista x64
Microsoft Windows Vista x64 SP1 & SP2
Microsoft Windows Server 2008 32-bit
Microsoft Windows Server 2008 32-bit SP2
Microsoft Windows Server 2008 x64
Microsoft Windows Server 2008 x64 SP2
Applications Affected: MPEG Layer-3 Audio Codecs
Type: Remote
Identifiers: CVE-2010-0480
Synopsis

Microsoft Windows MPEG Layer-3 Audio Decoder is prone to stack overflow vulnerability, which could be exploited to execute arbitrary code and take complete control of an affected system.
Recommended Actions
Update the patches as guided by vendor at :
http://www.microsoft.com/technet/security/bulletin/ms10-026.mspx
Threat Analysis

Microsoft MPEG Layer-3 Codecs are used for encoding and/or decoding a digital data stream. Windows Media Player and other programs use these codecs to play and create digital media files.

The vulnerability exists in Microsoft MPEG Layer-3 audio codecs due to improper handling of specially crafted AVI files containing an MPEG Layer-3 audio stream. Successful exploitation of this vulnerability may result in remote code execution.

A remote attacker could exploit this vulnerability by sending a specially crafted AVI file to the target user and convincing the user to open the file. After successful exploitation, attacker can take complete control of an affected system remotely and then install programs; view, change, or delete data; or create new accounts with full user rights.
References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0480

Write-up by: Dheeraj Johri