CVE-2011-0042: Input Validation
First published: Wed Mar 09 2011(Updated: )
SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows 7 | ||
| Microsoft Windows XP | =sp3 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows XP Media Center | =2005-sp3 | |
| All of | ||
| Microsoft Windows Media Center TV Pack | ||
| Any of | ||
| Microsoft Windows Vista | ||
| Microsoft Windows Vista | ||
| Microsoft Windows Media Center TV Pack | ||
| Microsoft Windows Vista | ||
| Microsoft Windows Vista |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securitytracker.com/id?1025169
- http://secunia.com/advisories/43626
- http://www.securityfocus.com/bid/46680
- http://osvdb.org/71016
- http://www.vupen.com/english/advisories/2011/0615
- http://www.us-cert.gov/cas/techalerts/TA11-067A.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12281
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-015
Frequently Asked Questions
What is the severity of CVE-2011-0042?
CVE-2011-0042 is rated as a critical vulnerability that may allow arbitrary code execution.
How do I fix CVE-2011-0042?
To fix CVE-2011-0042, apply the latest security update from Microsoft that addresses this vulnerability.
Which systems are affected by CVE-2011-0042?
CVE-2011-0042 affects Microsoft Windows XP, Windows Vista, Windows 7, and Windows XP Media Center Edition 2005 SP3.
What kind of vulnerability is CVE-2011-0042?
CVE-2011-0042 is a vulnerability in the Stream Buffer Engine that improperly parses Digital Video content.
Is CVE-2011-0042 exploitable remotely?
Yes, CVE-2011-0042 can be exploited remotely through malicious Digital Video content.
- agent/references
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-historical
- vendor/microsoft
- canonical/microsoft windows vista
- canonical/microsoft windows xp
- canonical/microsoft windows 7
- canonical/microsoft windows xp media center
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/nvd-index
- agent/author
- version/microsoft windows vista/sp2
- version/microsoft windows xp/sp2
- version/microsoft windows 7/sp1
- version/microsoft windows vista/sp1
- version/microsoft windows xp/sp3
- version/microsoft windows xp media center/2005-sp3
- canonical/microsoft windows media center tv pack