Windows DVD Maker Cross-Site Request Forgery VulnerabilityID: oval:org.secpod.oval:def:39319 | Date: (C)2017-03-15 (M)2022-10-10 |
Class: VULNERABILITY | Family: windows |
An information disclosure vulnerability exists in Windows when Windows DVD Maker fails to properly parse a specially crafted .msdvd file. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.To exploit the vulnerability, an attacker would have to either log on locally to an affected system or convince a locally authenticated user to execute a specially crafted application. The security update addresses the vulnerability by correcting how Windows DVD Maker parses files.
Platform: |
Microsoft Windows 7 |
Microsoft Windows Vista |