2013-02-12 This security update resolves one publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted media file (such as an .mpg file), opens a Microsoft Office document (such as a .ppt file) that contains a specially crafted embedded media file, or receives specially crafted streaming content. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerabilities addressed in this bulletin:
Media Decompression Vulnerability
A remote code execution vulnerability exists in the way that Microsoft Windows handles media content. The vulnerability could allow remote code execution if a user opens a specially crafted media file (such as an .mpg file), opens a Microsoft Office document (such as a .ppt file) that contains a specially crafted embedded media file, or receives specially crafted streaming content.
CVE-2013-0077

Bulletin details at Microsoft.com

Related CVE Entries

Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerability."
Max CVSS
9.3
EPSS Score
91.25%
Published
2013-02-13
Updated
2023-12-07
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!