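Vulnerability Details
Microsoft Movie Maker Producer IsValidWMToolsStream() Function Heap Overflow Vulnerability
- CNNVD ID: CNNVD-201003-150
- Severity: Critical
- CVE ID: CVE-2010-0265
- Vulnerability type: Buffer overflow
- Published: 2010-03-10
- Threat type: Remote
- Updated: 2010-03-12
- Vendor: microsoft
- Vulnerability source: Damian Frizza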
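Vulnerability Summary
Movie Maker is a movie-editing application included with the Windows operating system. Producer is an optional installable component for PowerPoint, used to create multimedia presentations that can be viewed in a browser.
Windows Movie Maker contains a heap overflow vulnerability in its handling of malformed .MSWMM project files, which may lead to a write access violation and the execution of arbitrary code.
The root cause is the IsValidWMToolsStream() function, which uses *pbuffer twice with different sizes. On the second use, data is read from the MSWMM file and pbuffer is not reallocated before it is reused. If the size read from the file is larger than the initial internal value, a heap overflow results. The vulnerability can also be triggered in Microsoft Producer, simply by changing the extension from .MSWMM to .MSProducer.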
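The buffer-reuse flaw described above, shown in its corrected form as an added example. This is not Microsoft's code: the stream layout, the names `validate_stream` and `stream_read`, and the constants `INITIAL_SIZE` and `MAX_RECORD` are constructed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define INITIAL_SIZE 16u    /* assumed fixed size of the first read */
#define MAX_RECORD   4096u  /* assumed upper bound for a sane record */

/* Constructed layout (not the real MSWMM format):
 * [INITIAL_SIZE header bytes][uint32 LE length][length payload bytes] */
typedef struct { const uint8_t *data; size_t len, pos; } stream_t;

static int stream_read(stream_t *s, void *dst, size_t n) {
    if (n > s->len - s->pos) return -1;   /* never read past the input */
    memcpy(dst, s->data + s->pos, n);
    s->pos += n;
    return 0;
}

/* Returns 0 if the stream is accepted, -1 if it is rejected. */
int validate_stream(const uint8_t *data, size_t len) {
    stream_t s = { data, len, 0 };
    size_t cap = INITIAL_SIZE;
    uint8_t *pbuffer = malloc(cap);
    uint8_t raw[4];
    uint32_t n;
    int rc = -1;
    if (!pbuffer) return -1;

    /* First use: fixed-size read that matches the allocation. */
    if (stream_read(&s, pbuffer, INITIAL_SIZE) != 0) goto out;

    /* Second use: the size now comes from the file. */
    if (stream_read(&s, raw, sizeof raw) != 0) goto out;
    n = raw[0] | raw[1] << 8 | raw[2] << 16 | (uint32_t)raw[3] << 24;

    /* Flawed pattern: stream_read(&s, pbuffer, n) while cap is still 16. */
    if (n > MAX_RECORD || n > s.len - s.pos) goto out; /* bound the length */
    if (n > cap) {                                     /* resize before reuse */
        uint8_t *grown = realloc(pbuffer, n);
        if (!grown) goto out;
        pbuffer = grown;
        cap = n;
    }
    if (stream_read(&s, pbuffer, n) != 0) goto out;
    rc = 0;
out:
    free(pbuffer);
    return rc;
}
```

The two checks are independent: the length is bounded against both a policy limit and the bytes actually left in the input, and the allocation is grown to match before the buffer is written a second time.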
Vulnerability Advisory
The vendor has released patches that fix this security issue. Patch download links:
Microsoft Movie Maker 2.1
Microsoft Security Update for Windows XP x64 Edition (KB975561)
http://www.microsoft.com/downloads/details.aspx?familyid=CAE81585-D0DF-41B8-9277-CA02F1265056
Microsoft Security Update for Windows XP (KB975561)
http://www.microsoft.com/downloads/details.aspx?familyid=6301E462-02BE-4B9A-BAE9-7C4821B42D2D
Microsoft Movie Maker 2.6
Microsoft Security Update for Movie Maker 2.6 for Windows Vista for x64-based Systems (KB975561)
http://www.microsoft.com/downloads/details.aspx?familyid=6A1F4126-97F2-4AEE-BFE1-05BD13A0667B
Microsoft Security Update for Windows 7 for x64-based Systems (KB975561)
http://www.microsoft.com/downloads/details.aspx?familyid=0FBF3063-1C2D-408C-A7B5-0C5857593C6F
Microsoft Security Update for Movie Maker 2.6 for Windows Vista (KB975561)
http://www.microsoft.com/downloads/details.aspx?familyid=CA2D1118-CA64-419D-86AF-9396E61B90B0
Microsoft Security Update for Windows 7 (KB975561)
http://www.microsoft.com/downloads/details.aspx?familyid=822254EB-2EA6-47A5-B5F8-45EF8EE53447
Microsoft Movie Maker 6.0
Microsoft Security Update for Movie Maker 6.0 for Windows Vista for x64-based Systems (KB975561)
http://www.microsoft.com/downloads/details.aspx?familyid=E27F353E-DEB6-4D61-8808-C751D20A42A1
Microsoft Security Update for Movie Maker 6.0 for Windows Vista (KB975561)
http://www.microsoft.com/downloads/details.aspx?familyid=AE2E9B75-1616-4FE3-91BB-E2E28252FF1C
References
Source: MS
Name: MS10-016
Link: http://www.microsoft.com/technet/security/Bulletin/MS10-016.mspx
Source: NSFOCUS
Name: 14604
Link: http://www.nsfocus.net/vulndb/14604
Affected Entities
- Microsoft Windows_movie_maker:2.6
- Microsoft Producer:2003
- Microsoft Windows_movie_maker:6.0
Patches
- Security Update for Windows XP (KB975561)
- Security Update for Movie Maker 6.0 for Windows Vista for x64-based Systems (KB975561)
- Security Update for Movie Maker 2.6 for Windows Vista (KB975561)
- Security Update for Windows 7 for x64-based Systems (KB975561)
- Security Update for Movie Maker 6.0 for Windows Vista (KB975561)