Microsoft Windows Media arbitrary code execution-CVE-2016-0101
Microsoft Windows operating system provides Windows Media for playing audio, video and viewing images. Remote attacker can entice user to open malicious media file which can lead to remote code execution with security context of user.
Windows Media uses MPEG2 Transport Stream file format to store media and protocol data. Vulnerable dynamic library is MFDS because of boundary error in it. The function MPEG2_PMT_SECTION::Parse() is used to parse descriptors array in Program Map Table (PMT) in packets of MPEG2-TS file. The function calculates the number of descriptor elements according to the Elementary Info Length field, but function does not validate the Elementary Info Length field properly. Attacker can provide large value to this field which may lead to execution of arbitrary code in user context.
Unsuccessful attempts may lead to denial of service.
This vulnerability affects the following products:
- Microsoft Windows 7
- Microsoft Windows 8.1
- Microsoft Windows RT 8.1
- Microsoft Windows 10
- Microsoft Windows Server 2008 R2
- Microsoft Windows Server 2012
- Microsoft Windows Server 2012 R2
Dell SonicWALL Threat Research Team has researched this vulnerability and released following signatures to protect their customers:
- 3281 Malformed.ts.MP.1
- 3849 Malformed.ts.TL.1