Check Point Advisories

Update Protection against Microsoft MJPEG Decoder Vulnerability (MS08-033)

Check Point Reference: CPAI-2008-099
Date Published: 8 Jul 2008
Severity: Critical
Last Updated: Wednesday 16 July, 2008
Source: Microsoft Security Bulletin MS08-033
Industry Reference:CVE-2008-0011
Protection Provided by:
Who is Vulnerable? Microsoft Windows 2000 SP4
Windows XP SP2
Windows XP SP3
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition SP2
Windows Server 2003 SP1
Windows Server 2003 SP2
Windows Server 2003 x64 Edition
Windows Server 2003 x64 Edition SP2
Windows Server 2003 with SP1 (Itanium)
Windows Server 2003 with SP2 (Itanium)
Windows Vista
Windows Vista SP1
Windows Vista x64 Edition
Windows Vista x64 Edition SP1
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for x64-based Systems
Windows Server 2008 (Itanium)
Vulnerability Description A remote code execution vulnerability has been reported in the way that the Windows MJPEG Codec handles MJPEG streams in media files. MJPEG is a media file that contains a number of JPEG images that have been connected together to create a video stream. A remote attacker may exploit this vulnerability to take complete control of an affected system.
Update/Patch AvaliableApply patches:
Microsoft Security Bulletin MS08-033
Vulnerability DetailsThe vulnerability is due to the way Windows performs error checking on MJPEG video streams embedded in ASF or AVI media files. A remote attacker might exploit this issue by convincing a victim to open a media file with a specially crafted MJPEG file embedded in it. Successful exploitation of this vulnerability may allow the attacker to execute arbitrary code on a target system.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK