CVE-2010-1880: Code Injection
First published: Tue Jun 08 2010(Updated: )
Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Any of | ||
| Microsoft DirectX | =9.0 | |
| Microsoft DirectX | =9.0a | |
| Microsoft DirectX | =9.0b | |
| Microsoft DirectX | =9.0c | |
| Any of | ||
| Microsoft Windows 2000 | =sp4 | |
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft DirectX | =9.0 | |
| Microsoft DirectX | =9.0a | |
| Microsoft DirectX | =9.0b | |
| Microsoft DirectX | =9.0c | |
| Microsoft Windows 2000 | =sp4 | |
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Server | ||
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft Windows XP | =sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2010-1880?
CVE-2010-1880 is classified as a critical vulnerability that may allow remote code execution on affected systems.
How do I fix CVE-2010-1880?
To mitigate CVE-2010-1880, users should apply the latest security updates for affected versions of Microsoft Windows and DirectX.
Which systems are affected by CVE-2010-1880?
CVE-2010-1880 affects Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 with specific versions of DirectX.
Can CVE-2010-1880 be exploited by local users?
CVE-2010-1880 primarily allows remote attackers to exploit the vulnerability, thus local users typically cannot exploit it without remote conditions.
What type of vulnerability is CVE-2010-1880?
CVE-2010-1880 is a media file vulnerability related to MJPEG media decompression, affecting how media files are processed by DirectShow.
- collector/nvd-historical
- agent/references
- agent/type
- agent/weakness
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft directx
- version/microsoft directx/9.0
- version/microsoft directx/9.0a
- version/microsoft directx/9.0b
- version/microsoft directx/9.0c
- canonical/microsoft windows 2000
- version/microsoft windows 2000/sp4
- canonical/microsoft windows server 2003
- version/microsoft windows server 2003/sp2
- canonical/microsoft windows server
- canonical/microsoft windows vista
- version/microsoft windows vista/sp1
- canonical/microsoft windows xp
- version/microsoft windows xp/sp2
- version/microsoft windows xp/sp3