Secplicity - Security Simplified

Powered by WatchGuard Technologies

Windows Movie Maker Code Execution Vulnerability

March 9, 2010 By The Editor

Summary:

  • These vulnerabilities affect: Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003
  • How an attacker exploits them: By enticing you to open a maliciously crafted Movie Maker or Producer project file
  • Impact: An attacker can execute code, potentially gaining complete control of your computer
  • What to do: Install the appropriate Movie Maker patch as soon as possible, or let Microsoft’s Automatic Update do it for you.

Exposure:

Windows Movie Maker is a video capturing and editing application that you get free with Windows. Movie Maker ships with older versions of Windows, such as Windows XP and 2000. However, the latest versions of Windows (Windows Vista and 7) don’t provide the Movie Maker application on the installation disc. Instead, you have the option to download it for free as part of the Windows Live Essentials package. In short, if you have Windows XP, you have Windows Movie Maker. However, if you have Windows Vista or 7, you only have it if you chose to download and install the Live Essentials package.

Today, Microsoft released a security bulletin describing a buffer overflow vulnerability that affects Windows Movie Maker 2.1, 2.6, and 6.0. It also affects Microsoft Producer 2003 (Producer is another optional download that adds rich-media creation features to PowerPoint). Movie Maker and Producer do not properly parse specially crafted project files. If an attacker can entice you to download a specially crafted project file and then open that file in Movie Maker or Producer, he can exploit this flaw to execute code on your computer with your privileges. If you have local administrative privileges, the attacker gains full control of your computer.

While code execution flaws have the highest impact, we do not feel this flaw poses a high risk to most business users. Few business users ever run Movie Maker, so it would probably be more difficult to get them to interact with Movie Maker projects. Nonetheless, we still recommend you apply the Movie Maker update as soon as you can.

Solution Path

Microsoft has released updates for Windows Movie Maker to correct this vulnerability. You should download, test, and deploy the appropriate patch throughout your network as soon as possible (or just let the Microsoft Automatic Update feature do it for you). This flaw also affects Producer 2003; however, Microsoft has not released a patch for it. Instead, they recommend you uninstall the optional add-in or remove its file associations. This Microsoft Fixit will automatically remove Producer’s file associations for you.

MS10-016:

Updates for Movie Maker:

  • For Windows XP
    • Movie Maker 2.1
  • For Windows XP x64
    • Movie Maker 2.1
  • For Windows Vista
    • Movie Maker 6.0
    • Movie Maker 2.6
  • For Windows Vista x64 Edition
    • Movie Maker 6.0
    • Movie Maker 2.6
  • For Windows 7
    • Movie Maker 2.6
  • For Windows 7 x64
    • Movie Maker 2.6

For All WatchGuard Users:

If you like, you can configure certain WatchGuard Firebox models to block Microsoft Movie Maker projects from arriving via the web, email, or through FTP transfers. If you don’t need Movie Maker projects to conduct business, we recommend you do this. Nonetheless, you should still apply Microsoft’s updates for full protection.

If you want to block Movie Maker projects, the links below provide video instructions on how to use your Firebox proxy’s content blocking features to block file extensions. The file extensions you should block include .MSWMM, .MSProducer, .MSProducerZ, and .MSProducerBF. Keep in mind that blocking files by extension blocks both malicious and legitimate documents.

  • Firebox X Edge running 10.x
    • How do I block files with the FTP proxy?
    • How do I block files with the HTTP proxy?
    • How do I block files with the POP3 proxy?
    • How do I block files with the SMTP proxy?
  • Firebox X Core and X Peak running Fireware 10.x or Fireware XTM
    • How do I block files with the FTP proxy?
    • How do I block files with the HTTP proxy?
    • How do I block files with the POP3 proxy?
    • How do I block files with the SMTP proxy?
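
The same extension check, sketched in Python for e-mail attachments. This is an added example, not WatchGuard's proxy logic or code from the original article; the function names and the sample message are constructed for illustration. It matches the four extensions listed above without regard to case, and, as noted above, it flags every file with those extensions, legitimate or not.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# The four extensions named in the advisory, lower-cased for comparison.
BLOCKED_EXTENSIONS = (".mswmm", ".msproducer", ".msproducerz", ".msproducerbf")


def is_blocked_name(filename: str) -> bool:
    """Return True if the file name ends with a blocked extension."""
    # Normalise case and drop trailing dots/spaces, which Windows
    # discards when the file is saved, before comparing.
    cleaned = filename.strip().rstrip(". ").lower()
    return cleaned.endswith(BLOCKED_EXTENSIONS)


def blocked_attachments(raw_message: bytes) -> list:
    """Return the names of attachments a gateway should hold back."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()  # None for parts without a file name
        if name and is_blocked_name(name):
            hits.append(name)
    return hits


def build_sample() -> bytes:
    """Constructed sample message; attachment bodies are placeholders."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    names = ("holiday.MSWMM", "slides.MSProducerZ",
             "notes.txt", "mswmm-howto.pdf")
    for name in names:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name in blocked_attachments(build_sample()):
        print("blocked:", name)
```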

Status:

Microsoft has released a Movie Maker update to fix this flaw.

References:

  • MS Security Bulletin MS10-016

Filed Under: Security Bytes Tagged With: Microsoft, movie maker
