MS10-075: Vulnerability in Media Player Network Sharing Service Could Allow Remote Code Execution (2281679)
High Nessus Plugin ID 49952
SynopsisIt is possible to execute arbitrary code on the remote Windows host using the Microsoft Windows Media Player Network Sharing Service.
DescriptionA use-after-free vulnerability exists in the Microsoft Windows Media Player Network Sharing Service installed on the remote host.
By sending a specially crafted Real Time Streaming Protocol (RTSP) packet to the affected service, a remote attacker may be able to leverage this vulnerability to execute arbitrary code in the security context of the Network Service account.
SolutionMicrosoft has released a set of patches for Windows Vista and Windows 7.