MS10-025: Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858) (uncredentialed check)
High Nessus Plugin ID 46017
SynopsisThe remote media service is affected by a remote code execution vulnerability.
DescriptionThe version of Windows Media Services running on the remote host is affected by a stack-based buffer overflow condition in the Unicast Service component due to improper sanitization of user-supplied input.
An unauthenticated, remote attacker can exploit this, via specially crafted transport information packets, to execute arbitrary code.
Note that Windows Media Services is not enabled by default on Windows 2000 Server. For the server to be vulnerable, it would have to be configured as a streaming media server by adding the Windows Media Services component in the Windows Components Wizard.
SolutionMicrosoft has released a set of patches for Windows 2000.