CVE-2012-0003
First published: Tue Jan 10 2012(Updated: )
Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows 7 | ||
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft Windows XP | =2005-sp3 | |
| Microsoft Windows Vista | =sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/47485
- http://www.securityfocus.com/bid/51292
- http://www.securitytracker.com/id?1026492
- http://www.us-cert.gov/cas/techalerts/TA12-010A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-004
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14337
Frequently Asked Questions
What is the severity of CVE-2012-0003?
CVE-2012-0003 is considered critical due to its potential for remote code execution.
How do I fix CVE-2012-0003?
To mitigate CVE-2012-0003, users should apply the latest security patches provided by Microsoft for affected versions.
What versions of Windows are affected by CVE-2012-0003?
CVE-2012-0003 affects Windows XP SP2 and SP3, Windows Vista SP2, Windows Server 2003 SP2, and Windows Server 2008 SP2.
What is the nature of the vulnerability in CVE-2012-0003?
CVE-2012-0003 allows remote attackers to execute arbitrary code through a specially crafted MIDI file.
Is there a workaround for CVE-2012-0003?
Disabling Windows Media Player or avoiding handling untrusted MIDI files can serve as a temporary workaround for CVE-2012-0003.
- agent/references
- agent/type
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/event
- agent/last-modified-date
- agent/severity
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/author
- agent/softwarecombine
- vendor/microsoft
- canonical/microsoft windows 7
- version/microsoft windows 7/sp1
- canonical/microsoft windows server
- version/microsoft windows server/sp2
- version/microsoft windows server/r2
- canonical/microsoft windows vista
- version/microsoft windows vista/sp2
- canonical/microsoft windows xp
- version/microsoft windows xp/sp2
- version/microsoft windows xp/sp3
- version/microsoft windows xp/2005-sp3