Media Decompression Vulnerability in DirectShow, Windows Media Format Runtime, and Media Encoder
CVE-2010-1879

Currently unrated

Key Information:

Vendor: Microsoft
Status: Directx
Vendor: CVE Published:; 8 June 2010

Summary

A vulnerability exists in Quartz.dll used by DirectShow and the Windows Media Format Runtime, along with the Asycfilt.dll COM component. This issue allows remote attackers to execute arbitrary code through specially crafted media files that contain malicious compression data. Such vulnerabilities underline the importance of regular updates and security measures to safeguard systems against potential exploitation.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.us-cert.gov/cas/techalerts/TA10-159B.html

third-party-advisoryx_refsource_CERT

EPSS Score

57% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 8, 2010
Vulnerability Reserved
May 11, 2010