MS10-025: Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858) (uncredentialed check)

This script is Copyright (C) 2010-2017 Tenable Network Security, Inc.


Synopsis :

The remote media service is affected by a remote code execution
vulnerability.

Description :

The version of Windows Media Services running on the remote host is
affected by a stack-based buffer overflow condition in the Unicast
Service component due to improper sanitization of user-supplied input.
An unauthenticated, remote attacker can exploit this, via specially
crafted transport information packets, to execute arbitrary code.

Note that Windows Media Services is not enabled by default on Windows
2000 Server. For the server to be vulnerable, it would have to be
configured as a streaming media server by adding the Windows Media
Services component in the Windows Components Wizard.

See also :

https://technet.microsoft.com/library/security/ms10-025

Solution :

Microsoft has released a set of patches for Windows 2000.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 46017 ()

Bugtraq ID: 39356

CVE ID: CVE-2010-0478

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now