• About Us
• Products
• Services
• Research
• Support
• Training
• Partners
• Contact Us

MS12-004: Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)

Issued: 10 JAN 2012

Internet Security Systems Guidance

Two privately reported vulnerabilities that could be exploited for remote code execution were fixed in this update. One of these vulnerabilities is in how the Windows multimedia library handles specially crafted MIDI files. The other vulnerability is in how DirectShow handles specially crafted embedded subtitles.

Coverage	Related CVEs	Coverage Date	Exploit Dates	Content Update Versions
MIDI_Invalid_Channel	CVE-2012-0003	13 SEP 2011	(P) N/A (F) 28 JAN 2012 (H) N/A	IBM Security Host Protection for Servers (Unix) 2.2.2 IBM Security Host Protection for Servers (Windows) 2.1.14.2680 Proventia Network IDS XPU 31.090 Proventia Network IPS XPU 31.090 Proventia Network MFS XPU 31.090 Proventia Server IPS for Linux technology 31.090 Proventia-G 1.1 and earlier XPU 31.090 RealSecure Network XPU 31.090 RealSecure Server Sensor XPU 31.090 Virtual Server Protection for Vmware XPU 31.090
win-ms12kb2636391-update	CVE-2012-0003 CVE-2012-0004	10 JAN 2012	N/A	Enterprise Scanner 1.89 Internet Scanner software 7.2 XPU 7.2.103

References

Microsoft: http://www.microsoft.com/technet/security/bulletin/ms12-004.mspx
X-Force Database: http://xforce.iss.net/xforce/xfdb/71994
X-Force Database: http://xforce.iss.net/xforce/xfdb/71992
X-Force Database: http://xforce.iss.net/xforce/xfdb/71993