MS10-025: Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858) (uncredentialed check)

High Nessus Plugin ID 46017


The remote media service is affected by a remote code execution vulnerability.


The version of Windows Media Services running on the remote host is affected by a stack-based buffer overflow condition in the Unicast Service component due to improper sanitization of user-supplied input.
An unauthenticated, remote attacker can exploit this, via specially crafted transport information packets, to execute arbitrary code.

Note that Windows Media Services is not enabled by default on Windows 2000 Server. For the server to be vulnerable, it would have to be configured as a streaming media server by adding the Windows Media Services component in the Windows Components Wizard.


Microsoft has released a set of patches for Windows 2000.

See Also

Plugin Details

Severity: High

ID: 46017

File Name: smb_kb_980858.nasl

Version: $Revision: 1.19 $

Type: remote

Agent: windows

Family: Windows

Published: 2010/04/27

Modified: 2017/08/30

Dependencies: 46016, 11936

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/o:microsoft:windows_2000

Required KB Items: ms-streaming/1755/version

Excluded KB Items: Host/not_windows

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/04/13

Vulnerability Publication Date: 2010/04/13

Exploitable With


Core Impact

Metasploit (Windows Media Services ConnectFunnel Stack Buffer Overflow)

Reference Information

CVE: CVE-2010-0478

BID: 39356

OSVDB: 63726

MSFT: MS10-025

MSKB: 980858