Intrusion Prevention

MS.Windows.Movie.Maker.Producer.Heap.Overflow

Description

This indicates an attack attempt against a heap-based buffer overflow vulnerability in Windows Movie Maker and Microsoft Producer 2003, which is caused by improper size check on Windows Movie Maker project file (.MSWMM) or .MSProducer or .MSProducerZ file.

Affected Products

Microsoft Movie Maker 2.1 for Windows XP
Microsoft Movie Maker 6.0 and 2.6 for Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2, Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
Microsoft Movie Maker 2.6 for Windows 7 for 32-bit Systems and x64-based Systems

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply patch, available from the web site.
http://www.microsoft.com/technet/security/Bulletin/MS10-016.mspx

CVE References

CVE-2010-0265