Microsoft MPEG Layer-3 Audio Decoder Divide-By-Zero Denial Of Service Vulnerability

Publish date: July 21, 2015

Severity: CRITICAL

CVE Identifier: CVE-2010-0480,MS10-026

Advisory Date: JUL 21, 2015

DESCRIPTION

Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability."

TREND MICRO PROTECTION INFORMATION

Apply associated Trend Micro DPI Rules.

SOLUTION

Trend Micro Deep Security DPI Rule Number: 1004421

Trend Micro Deep Security DPI Rule Name: 1004421 - Microsoft MPEG Layer-3 Audio Decoder Divide-By-Zero Denial Of Service Vulnerability

AFFECTED SOFTWARE AND VERSION

microsoft windows_2000
Microsoft Windows XP -
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Vista-
Microsoft Windows Server 2008
Microsoft Windows Server 2008-
Microsoft Windows Server 2003
Microsoft Windows 2003 Server
Microsoft Windows 2000

Featured Stories

$One Flaw too Many: Vulnerabilities in SCADA Systems$
One Flaw too Many: Vulnerabilities in SCADA Systems
What is the current state of SCADA vulnerabilities? Staying informed is essential in the fight against exploits and cyberattacks with real-world consequences.
Read more
$Drilling Deep: A Look at Cyberattacks on the Oil and Gas Industry$
Drilling Deep: A Look at Cyberattacks on the Oil and Gas Industry
We break down the digital attacks against the oil and gas industry and its supply chain.
Read more
$halloween exploits vulnerabilities bluekeep chrome zero days$
Halloween Exploits Scare: BlueKeep, Chrome’s Zero-Days in the Wild
Patch now: Two Chrome zero-days were reported, one of them actively exploited in a campaign. Meanwhile, BlueKeep was initially reported seen in the wild to install a malicious Monero miner.
Read more
$PHP-FPM Vulnerability (CVE-2019-11043) can Lead to Remote Code Execution in NGINX Web Servers$
PHP-FPM Vulnerability (CVE-2019-11043) can Lead to Remote Code Execution in NGINX Web Servers
Administrators of NGINX web servers running PHP-FPM are advised to patch a vulnerability (CVE-2019-11043) that can let threat actors execute remote code on vulnerable, NGINX-enabled web servers. Here’s what you need to know.
Read more