DirectShow MJPEG Decompression Remote Code Execution Vulnerability - MS09-011
|ID: oval:org.secpod.oval:def:2610||Date: (C)2009-10-27 (M)2018-05-27|
|Class: PATCH||Family: windows|
The host is missing a security update according to Microsoft security bulletin, MS09-011. The update is required to fix heap memory error. The flaw is present in MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory. Successful exploitation could result in arbitrary code execution via MJPEG file or video stream.
|Microsoft Windows 2000|
|Microsoft Windows XP|
|Microsoft Windows Server 2003|