Two Windows Media Playback Vulnerabilities Could Allow Remote Code Execution
(Microsoft Security Bulletin MS12-004, CVE-2012-0003, CVE-2012-0004)
Summary
Two vulnerabilities in Microsoft Windows' media playing functionality could allow a remote attacker to take control of a targeted system and execute arbitrary code. One of these issues, which relates to how Media Player handles MIDI files, is ranked Critical, while the other concerns DirectShow's improper parsing of media files and is ranked High. The Check Point IPS Software Blade provides network protection against both vulnerabilities.
Details
Windows Media Player is a media player and media library application developed by Microsoft that is used for playing audio and video and for viewing images. DirectShow is a technology in Windows that allows the capture and playback of streaming media.
An attacker can exploit either issue by convincing the user of a targeted system to open a maliciously crafted media file. Windows Media Player has a critical vulnerability in the way that it handles MIDI (Musical Instrument Digital Interface) files, while DirectShow improperly parses specially crafted media files. A successful attack using either issue gives the attacker the ability to execute arbitrary code in the security context of the logged-in user.
Solution
Check Point recommends deploying the patches described in Microsoft Security Bulletin MS12-004 as soon as is practical. For unpatched systems, the latest update of the Check Point IPS Software Blade provides immediate protection by detecting and blocking the transfer of malicious MIDI files as well as attempts to open maliciously crafted media files. For more information about these issues and which Microsoft products are affected by each, see CPAI-2012-014 and CPAI-2012-019.
Originally Published:
Last Updated: 11-Jan-2012