Release DateJan 12, 2012 |
Severitycritical |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates a possible attack against a Remote Code Execution vulnerability in Windows Media component.The vulnerability is caused because the vulnerable applications failed to adequately validate certain field in a "MIDI" file. Successful attacks may allow remote attackers to execute arbitrary code on the vulnerable system. |
Affected ProductsWindows XP Service Pack 3Windows XP Media Center Edition 2005 Service Pack 3 Windows XP Professional x64 Edition Service Pack 2 Windows Server 2003 Service Pack 2 Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Vista Service Pack 2 Windows Vista x64 Edition Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for Itanium-based Systems Service Pack 2 Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for Itanium-based Systems Windows Media Center TV Pack for Windows Vista (32-bit editions) Windows Media Center TV Pack for Windows Vista (64-bit editions) |
Recommended ActionsRefer to the vendor's web site for suggested workaround:http://www.microsoft.com/technet/security/Bulletin/ms12-004.mspx |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2012-0003 |
Reference/shttp://technet.microsoft.com/en-us/security/bulletin/MS12-004.mspx (MS-ID) |
