#VU1401 Memory corruption in Windows and Windows Server
Vulnerability identifier: #VU1401
Vulnerability risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Windows
Operating systems & Components /
Operating system
Windows Server
Operating systems & Components /
Operating system
Vendor: Microsoft
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling certain functions in compressed audio files. A remote attacker can create a specially crafted media file or streaming content, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Mitigation
Install update from vendor's website:
DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager on Microsoft Windows 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?familyid=4fe0dff5-04d9-4409-8d1d-52419537126b
https://www.microsoft.com/downloads/details.aspx?familyid=8f850a82-61f9-447b-a0aa-a2c192cc5d2e
https://www.microsoft.com/downloads/details.aspx?familyid=6dfd5405-cabe-4bd7-9330-b6bde1d99194
DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager on Windows XP Service Pack 2 and Windows XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=4fe0dff5-04d9-4409-8d1d-52419537126b
https://www.microsoft.com/downloads/details.aspx?familyid=746d3440-5a6a-421e-9286-7b534a1dfe54
https://www.microsoft.com/downloads/details.aspx?familyid=6ecc7129-8caa-4daf-a8e2-8f3536225fb3
DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager on Windows XP Professional x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=c116ae9d-e416-4b7d-be75-4b4b2ebcc33a
https://www.microsoft.com/downloads/details.aspx?familyid=4729de51-8fd8-46c6-b4ad-9c9f25202684
https://www.microsoft.com/downloads/details.aspx?familyid=fe0d51b2-345e-4eb7-a036-d8c3f6a683d2
https://www.microsoft.com/downloads/details.aspx?familyid=a866a490-6d3a-4ecd-acf4-770312ba2fd6
https://www.microsoft.com/downloads/details.aspx?familyid=46daf7c7-1cd3-4f47-9c7a-d5eb6ea7327b
DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager on Windows Server 2003 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=4fe0dff5-04d9-4409-8d1d-52419537126b
https://www.microsoft.com/downloads/details.aspx?familyid=00b3cb86-c9eb-4fbe-987e-2b0d94271d87
https://www.microsoft.com/downloads/details.aspx?familyid=ab1803ff-2371-487f-a7b6-95747c46ba4e
DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager on Windows Server 2003 x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=c116ae9d-e416-4b7d-be75-4b4b2ebcc33a
https://www.microsoft.com/downloads/details.aspx?familyid=13ba4839-7fa9-4bbb-95f6-3fafb6c49f20
https://www.microsoft.com/downloads/details.aspx?familyid=fe0d51b2-345e-4eb7-a036-d8c3f6a683d2
https://www.microsoft.com/downloads/details.aspx?familyid=46daf7c7-1cd3-4f47-9c7a-d5eb6ea7327b
Windows Media Audio Voice Decoder on Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=f17ee0ea-f1e2-49f4-9f90-60296246ddfe
Windows Media Audio Voice Decoder on Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=26905f12-92c7-4d45-99e7-227f03d2cb82
Windows Media Audio Voice Decoder on Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=2eaa9857-a147-4f31-9bf4-b9e2cf4c15c3
Windows Media Audio Voice Decoder on Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=70aabba3-53d6-4b52-be83-6d3f3869ecbd
Vulnerable software versions
Windows: Vista, 2000, XP
Windows Server: 2003 - 2008
External links
http://technet.microsoft.com/en-us/library/security/ms09-051.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
