Home News Security Avaya Enterprise (Fomerly Nortel Enterprise) Response to Microsoft Security Bulletin MS10-026
Avaya Enterprise (Fomerly Nortel Enterprise) Response to Microsoft Security Bulletin MS10-026 PDF Print E-mail
Thursday, 22 April 2010 01:30
On Tuesday, April 13th, Microsoft released security update MS10-026 - Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (977816). This security update resolves a privately reported vulnerability in Microsoft MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file containing an MPEG Layer-3 audio stream. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Microsoft ratings for MS10-026: Maximum Severity Rating - Critical Impact of Vulnerability - Remote Code Execution MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability - CVE-2010-0480 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0480 A remote code execution vulnerability exists in the way that Microsoft MPEG Layer-3 codecs handle AVI media files. This vulnerability could allow remote code execution if a user opened a specially crafted AVI file containing an MPEG Layer-3 audio stream. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories For more information: Pleas
Source : http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=1004899&poid=  
< Prev   Next >
 
click here