=====================================================================
                            CERT-Renater

                 Information Note No. 2010/VULN397
_____________________________________________________________________

DATE                 : 13/10/2010

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Windows Vista, Windows 7 running Media Player
                       Network Sharing Service.

======================================================================
KB2281679
http://www.microsoft.com/technet/security/bulletin/MS10-075.mspx
______________________________________________________________________

Microsoft Security Bulletin MS10-075 - Critical

Vulnerability in Media Player Network Sharing Service Could Allow
Remote Code Execution (2281679)

Version: 1.0

General Information

Executive Summary

This security update resolves a privately reported vulnerability in the
Microsoft Windows Media Player Network Sharing Service. The
vulnerability could allow remote code execution if an attacker sent a
specially crafted RTSP packet to an affected system. However, Internet
access to home media is disabled by default. In this default
configuration, the vulnerability can be exploited only by an attacker
within the same subnet.

This security update is rated Critical for supported editions of
Windows 7 and Important for all supported editions of Windows Vista.
For more information, see the subsection, Affected and Non-Affected
Software, in this section.

Affected Software

Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition
Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems

Vulnerability Information

RTSP Use After Free Vulnerability - CVE-2010-3225

A vulnerability exists in Microsoft Windows Media Player Network
Sharing Service that could allow a remote user to send a specially
crafted network packet to an instance of the application's network
streaming service and cause remote code execution in the context of
the current application.

=========================================================
CERT-Renater reference servers
    http://www.urec.fr/securite
    http://www.cru.fr/securite
    http://www.renater.fr
=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23 - 25 Rue Daviel  | fax : 01-53-94-20-41            +
+ 75013 Paris         | email: certsvp@renater.fr       +
=========================================================