Check Point Advisories

Microsoft Windows Media Player ActiveX Codec Retrieval (CVE-2010-0268)

Check Point Reference: SBP-2010-15
Date Published: 13 Apr 2010
Severity: N/A
Last Updated: Wednesday 29 June, 2011
Source:
Industry Reference:CVE-2010-0268
Protection Provided by:

Security Gateway
R81, R80, R77, R75, R71, R70, R65
Who is Vulnerable?
Vulnerability Description Microsoft Windows Media Player is a feature of the Windows operating system for personal computers. It is used for playing audio and video. A remote code execution vulnerability has been reported in the Windows Media Player's ActiveX control. The vulnerability is due to an error in the Windows Media Player ActiveX control that incorrectly handling the clean up after Windows Media Player codec retrieval from the Microsoft codec server and subsequently the media control is removed from the original Web site. A remote attacker could trigger this flaw by convincing a victim to enter a a malicious Web site that hosts a media file for which Windows Media Player does not have the codec. When Windows Media player requests the codec form the Microsoft codec server, the malicious Web site could remove the media file from the page. Successful exploitation of this issue may allow the attacker to take complete control of an affected system. There are cases in which certain traffic, although not intended for malicious use, is very unsafe, since it may transfer shellcode which is undetectable by IPS.

Protection Overview

This protection will detect and block the Microsoft Windows Media Player ActiveX control.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75 / R71 / R70 / R65

  1. In the IPS tab, click Protections and find the Microsoft Windows Media Player ActiveX Codec Retrieval protection using the Search tool and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  Content Protection Violation.
Attack Information:  Microsoft Windows Media Player ActiveX codec retrieval

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK