Click for a hub of Extension resources related to the current COVID-19 situation.
COVID-19 Resources
Texas A&M AgriLife IT Security
Texas A&M AgriLife IT SecurityLatest IT news & tips to keep your computer safe

Vulnerability in Windows Movie Maker and Microsoft Producer

by Leave a Comment

No patch is available for PRODUCER as of this time.

MULTI-STATE INFORMATION SHARING AND ANALYSIS CENTER CYBER SECURITY
ADVISORY

MS-ISAC ADVISORY NUMBER:
2010-019

DATE(S) ISSUED:
3/9/2010 

SUBJECT:
Vulnerability in Windows Movie Maker and Microsoft Producer Could Allow
Remote Code Execution (MS10-016)

OVERVIEW:
A vulnerability has been discovered in Windows Movie Maker and Microsoft
Producer which could allow an attacker to take complete control of an
affected system.  Windows Movie Maker is a video editing application
available for Microsoft Windows, which is installed by default on
Windows XP systems.  Microsoft Producer is a downloadable add-in
component for Microsoft Office PowerPoint that can be used open and edit
video files.  Exploitation may occur if a user visits a web page or
opens an email attachment which is crafted specifically to take
advantage of this vulnerability. Depending on the privileges associated
with the user, an attacker could then install programs; view, change, or
delete data; or create new accounts with full user rights.  At this
point in time, no patches are available for Microsoft Producer.

 SYSTEMS AFFECTED: 

*    Windows XP
*    Windows Vista
*    Windows 7
*    Producer 2003

RISK:
Government:

*    Large and medium government entities: High
*    Small government entities: High

Businesses:
*    Large and medium business entities: High
*    Small business entities: High

 

Home users: High

DESCRIPTION:
A vulnerability has been discovered in Windows Movie Maker and Microsoft
Producer which could allow an attacker to take complete control of an
affected system.  This is due to the way that Windows Movie Maker and
Microsoft Producer parse specially crafted Movie Maker Project files
(‘.mswmm’) or Microsoft Producer 2003 files (.MSProducer, .MSProducerZ,
and .MSProducerBF).  This vulnerability can be exploited via an email
attachment or through the Web. In the email based scenario, the user
would have to open the specially crafted Windows Movie Maker or
Microsoft Producer project file as an email attachment. In the Web based
scenario, a user would have to open a specially crafted Movie Maker or
Microsoft Producer file that is hosted on a website.

Successful exploitation could allow an attacker to gain the same
privileges as the logged on user. Depending on the privileges associated
with the user, an attacker could then install programs; view, change, or
delete data; or create new accounts with full user rights. 

At this point in time, no patches are available for Microsoft Producer.

 

RECOMMENDATIONS:
We recommend the following actions be taken:

*    Apply appropriate patches provided by Microsoft to vulnerable
systems immediately after appropriate testing.
*    Consider blocking .MSWMM files at the network perimeter.
*    Consider removing the Movie Maker .MSWMM file association.

*                     Consider removing the Microsoft Producer 2003
(.MSProducer, .MSProducerZ, and .MSProducerBF) file association
(http://support.microsoft.com/kb/975561).

*    Remind users not to visit un-trusted websites or follow links
provided by unknown or un-trusted sources.
*    Remind users not to open email attachments from unknown or
un-trusted sources.

 

REFERENCES:

 

Microsoft:
http://www.microsoft.com/technet/security/Bulletin/MS10-016.mspx

http://support.microsoft.com/kb/975561 

Security Focus:

http://www.securityfocus.com/bid/38515