MS10-013 - Critical: Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935) - Version:1.1

Posted on 11 February 2010

Severity Rating: Critical

Revision Note: V1.1 (February 10, 2010): Corrected the bulletin replacement for the Quartz (KB975560) update package. Corrected the restart requirements for the update on all platforms except Microsoft Windows 2000 and Windows Server 2008. Changed the Systems Management Server table entries for SMS 2003 with ITMU for Windows 7 and Windows Server 2008 R2. Finally, corrected the verification registry key for all supported x64-based editions of Windows XP. These are informational changes only. There were no changes to the security update files or detection logic.

Summary: This security update resolves a privately reported vulnerability in Microsoft DirectShow. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
