Summary
This host is installed with Microsoft Video ActiveX Control and is prone to Buffer Overflow vulnerability.
Impact
Successful exploitation could allow execution of arbitrary code that affects the TV Tuner library, and can cause memory corruption.
Impact Level: Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/Bulletin/MS09-032.mspx
Workaround:
Set the killbit for the CLSID {0955AC62-BF2E-4CBA-A2B9-A63F772D46CF} http://www.microsoft.com/technet/security/advisory/972890.mspx
Insight
- Stack-based buffer overflow error in MPEG2TuneRequest in msvidctl.dll in Microsoft DirectShow can be exploited via a crafted web page.
- Unspecified error in msvidctl.dll is caused via unknown vectors that trigger memory corruption.
Affected
Microsoft Video ActiveX Control on Windows 2000/XP/2003
References
Severity
Classification
-
CVE CVE-2008-0015, CVE-2008-0020 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities