MS10-093: Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (2424434)

This script is Copyright (C) 2010-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host is affected by a remote code execution
vulnerability.

Description :

The remote Windows host is missing a security update. It is,
therefore, affected by a flaw in Windows Movie Maker due to a failure
to correctly restrict the path being used for loading external
libraries. An unauthenticated, remote attacker can exploit this to
execute arbitrary code with the user's privileges by convincing the
user to open a specially crafted Windows Movie Maker (.mswmm) file
that is located in the same network directory as a specially crafted
dynamic link library (DLL) file.

See also :

https://technet.microsoft.com/library/security/MS10-093

Solution :

Microsoft has released a set of patches for Windows Vista.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 51165 ()

Bugtraq ID: 42659

CVE ID: CVE-2010-3967

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now