TECHNICAL BULLETIN
TECHNICAL BULLETIN
| PROBLEM: | Microsoft Windows 'MPEG2TuneRequest' ActiveX Control Vulnerability allows Remote Code Execution |
| PLATFORM: | Microsoft Windows XP Tablet PC Edition SP3 Microsoft Windows XP Tablet PC Edition SP2 Microsoft Windows XP Tablet PC Edition SP1 Microsoft Windows XP Tablet PC Edition Microsoft Windows XP Professional x64 Edition SP3 Microsoft Windows XP Professional x64 Edition SP2 Microsoft Windows XP Professional x64 Edition Microsoft Windows XP Professional SP3 Microsoft Windows XP Professional SP2 Microsoft Windows XP Professional SP1 Microsoft Windows XP Professional Microsoft Windows XP Media Center Edition SP3 Microsoft Windows XP Media Center Edition SP2 Microsoft Windows XP Media Center Edition SP1 Microsoft Windows XP Media Center Edition Microsoft Windows XP Home SP3 Microsoft Windows XP Home SP2 Microsoft Windows XP Home SP1 Microsoft Windows XP Home Microsoft Windows XP Gold 0 Microsoft Windows XP 64-bit Edition Version 2003 SP1 Microsoft Windows XP 64-bit Edition Version 2003 Microsoft Windows XP 64-bit Edition SP1 Microsoft Windows XP 64-bit Edition Microsoft Windows XP 0 Microsoft Windows Server 2003 x64 SP2 Microsoft Windows Server 2003 x64 SP1 Microsoft Windows Server 2003 Web Edition SP2 Microsoft Windows Server 2003 Web Edition SP1 Microsoft Windows Server 2003 Web Edition Microsoft Windows Server 2003 Standard x64 Edition Microsoft Windows Server 2003 Standard Edition SP2 Microsoft Windows Server 2003 Standard Edition SP1 Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Itanium SP2 Microsoft Windows Server 2003 Itanium SP1 Microsoft Windows Server 2003 Itanium 0 Microsoft Windows Server 2003 Enterprise x64 Edition SP2 Microsoft Windows Server 2003 Enterprise x64 Edition Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 Microsoft Windows Server 2003 Enterprise Edition Itanium 0 Microsoft Windows Server 2003 Enterprise Edition SP1 Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Datacenter x64 Edition SP2 Microsoft Windows Server 2003 Datacenter x64 Edition Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 Microsoft Windows Server 2003 Datacenter Edition Itanium 0 Microsoft Windows Server 2003 Datacenter Edition SP1 Microsoft Windows Server 2003 Datacenter Edition 3DM Software Disk Management Software SP2 3DM Software Disk Management Software SP1 3DM Software Disk Management Software R2 Platfom SDK |
| ABSTRACT: | Microsoft Windows is prone to a remote code-execution vulnerability that affects the TV Tuner library. |
| LINKS: | |
| DOE-CIRC BULLETIN: | http://www.doecirc.energy.gov/bulletins/t-181.shtml |
| OTHER LINKS: |
Microsoft Website http://support.microsoft.com/kb/240797 http://www.microsoft.com/technet/security/advisory/972890.mspx Technet Website http://blogs.technet.com/srd/archive/2009/07/06/new-vulnerability-in-mpeg2tunerequest-activex-control-object-in-msvidctl-dll.aspx |
| IMPACT ASSESSMENT: | This risk is high. Exploits for this issue have been reported in the wild. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention. |
Discussion:
Microsoft Windows is prone to a remote code-execution vulnerability that affects the TV Tuner library.
An attacker could exploit this issue by enticing a victim to visit a maliciously crafted website.
Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.
Windows XP SP3 and Windows Server 2003 are vulnerable; other versions may also be affected.
Exploit code is available.
Exploits for this issue have been reported in the wild.
A working commercial exploit is available through VUPEN Security - Exploit and PoCs Service. This exploit is not otherwise publicly available or known to be circulating in the wild.
* /data/vulnerabilities/exploits/35558.html
* /data/vulnerabilities/exploits/35558.rb
* /data/vulnerabilities/exploits/35558.py
Solution:
Currently we are not aware of any vendor-supplied patches.
Recommendation:
Monitor your system for any suspicious activity.
Voice: 866-941-2472
E-mail: doecirc@doecirc.energy.gov
World Wide Web: http://www.doecirc.energy.gov