Vulnerability-Lookup

CVE-2012-0004 (GCVE-0-2012-0004)

Vulnerability from cvelistv5 – Published: 2012-01-10 21:00 – Updated: 2024-08-06 18:09

Summary

Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.us-cert.gov/cas/techalerts/TA12-010A.html	third-party-advisoryx_refsource_CERT
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://secunia.com/advisories/47485	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/51295	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id?1026492	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:09:17.099Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:14832",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14832"
          },
          {
            "name": "TA12-010A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA12-010A.html"
          },
          {
            "name": "MS12-004",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-004"
          },
          {
            "name": "47485",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/47485"
          },
          {
            "name": "51295",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/51295"
          },
          {
            "name": "1026492",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026492"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-01-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka \"DirectShow Remote Code Execution Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:14832",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14832"
        },
        {
          "name": "TA12-010A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA12-010A.html"
        },
        {
          "name": "MS12-004",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-004"
        },
        {
          "name": "47485",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/47485"
        },
        {
          "name": "51295",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/51295"
        },
        {
          "name": "1026492",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026492"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2012-0004",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka \"DirectShow Remote Code Execution Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:14832",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14832"
            },
            {
              "name": "TA12-010A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA12-010A.html"
            },
            {
              "name": "MS12-004",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-004"
            },
            {
              "name": "47485",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/47485"
            },
            {
              "name": "51295",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/51295"
            },
            {
              "name": "1026492",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026492"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2012-0004",
    "datePublished": "2012-01-10T21:00:00",
    "dateReserved": "2011-11-09T00:00:00",
    "dateUpdated": "2024-08-06T18:09:17.099Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E33796DB-4523-4F04-B564-ADF030553D51\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*\", \"matchCriteriaId\": \"F282E5E8-A5C9-4092-B0BF-07A5A2CAA6F4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*\", \"matchCriteriaId\": \"D16A8D29-57BF-4B74-85F2-24DBD8B52BBF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D3B5E4F-56A6-4696-BBB4-19DF3613D020\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*\", \"matchCriteriaId\": \"B8A32637-65EC-42C4-A892-0E599562527C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*\", \"matchCriteriaId\": \"FFF81F4B-7D92-4398-8658-84530FB8F518\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"7AE15F6C-80F6-43A6-86DA-B92116A697A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"CC916D5A-0644-4423-A52E-D4310906BE78\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*\", \"matchCriteriaId\": \"95DC297F-06DB-4FB3-BFB6-7312C059E047\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A0D2704-C058-420B-B368-372D1129E914\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE477A73-4EE4-41E9-8694-5A3D5DC88656\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*\", \"matchCriteriaId\": \"FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:2005:sp3:media_center:*:*:*:*:*\", \"matchCriteriaId\": \"3C706F71-6F28-4484-81DF-18FD573AC2AC\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka \\\"DirectShow Remote Code Execution Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad no especificada en DirectShow en DirectX de Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 Service Pack 2, R2 y R2 SP1, y Windows 7 Gold y SP1 permite a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n a trav\\u00e9s de un archivo de los medios de comunicaci\\u00f3n modificado. Esta vulnerabilidad esta relacionada con los filtros DirectShow Quartz.dll, Qdvd.dll y Line21. Tambien conocida como \\\"Vulnerabilidad de ejecuci\\u00f3n remota de c\\u00f3digo de Directshow.\\\"\"}]",
      "id": "CVE-2012-0004",
      "lastModified": "2024-11-21T01:34:10.690",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2012-01-10T21:55:03.777",
      "references": "[{\"url\": \"http://secunia.com/advisories/47485\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/bid/51295\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securitytracker.com/id?1026492\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA12-010A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-004\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14832\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://secunia.com/advisories/47485\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/51295\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1026492\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA12-010A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-004\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14832\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-0004\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2012-01-10T21:55:03.777\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka \\\"DirectShow Remote Code Execution Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en DirectShow en DirectX de Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 Service Pack 2, R2 y R2 SP1, y Windows 7 Gold y SP1 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo de los medios de comunicaci\u00f3n modificado. Esta vulnerabilidad esta relacionada con los filtros DirectShow Quartz.dll, Qdvd.dll y Line21. Tambien conocida como \\\"Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de Directshow.\\\"\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E33796DB-4523-4F04-B564-ADF030553D51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*\",\"matchCriteriaId\":\"F282E5E8-A5C9-4092-B0BF-07A5A2CAA6F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*\",\"matchCriteriaId\":\"D16A8D29-57BF-4B74-85F2-24DBD8B52BBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D3B5E4F-56A6-4696-BBB4-19DF3613D020\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*\",\"matchCriteriaId\":\"B8A32637-65EC-42C4-A892-0E599562527C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*\",\"matchCriteriaId\":\"FFF81F4B-7D92-4398-8658-84530FB8F518\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"7AE15F6C-80F6-43A6-86DA-B92116A697A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"CC916D5A-0644-4423-A52E-D4310906BE78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*\",\"matchCriteriaId\":\"95DC297F-06DB-4FB3-BFB6-7312C059E047\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A0D2704-C058-420B-B368-372D1129E914\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE477A73-4EE4-41E9-8694-5A3D5DC88656\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*\",\"matchCriteriaId\":\"FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:2005:sp3:media_center:*:*:*:*:*\",\"matchCriteriaId\":\"3C706F71-6F28-4484-81DF-18FD573AC2AC\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/47485\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/51295\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id?1026492\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA12-010A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-004\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14832\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/47485\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/51295\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1026492\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA12-010A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-004\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14832\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-2F29-HQCF-XX8J

Vulnerability from github – Published: 2022-05-04 00:27 – Updated: 2022-05-04 00:27

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-0004"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-01-10T21:55:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka \"DirectShow Remote Code Execution Vulnerability.\"",
  "id": "GHSA-2f29-hqcf-xx8j",
  "modified": "2022-05-04T00:27:40Z",
  "published": "2022-05-04T00:27:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0004"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-004"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14832"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/47485"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/51295"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1026492"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA12-010A.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2012-0004

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2012-0004

Aliases

CVE-2012-0004

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-0004",
    "description": "Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka \"DirectShow Remote Code Execution Vulnerability.\"",
    "id": "GSD-2012-0004"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-0004"
      ],
      "details": "Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka \"DirectShow Remote Code Execution Vulnerability.\"",
      "id": "GSD-2012-0004",
      "modified": "2023-12-13T01:20:13.228735Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2012-0004",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka \"DirectShow Remote Code Execution Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "oval:org.mitre.oval:def:14832",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14832"
          },
          {
            "name": "TA12-010A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA12-010A.html"
          },
          {
            "name": "MS12-004",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-004"
          },
          {
            "name": "47485",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/47485"
          },
          {
            "name": "51295",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/51295"
          },
          {
            "name": "1026492",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1026492"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:2005:sp3:media_center:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2012-0004"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka \"DirectShow Remote Code Execution Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1026492",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1026492"
            },
            {
              "name": "51295",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/51295"
            },
            {
              "name": "47485",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/47485"
            },
            {
              "name": "TA12-010A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA12-010A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:14832",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14832"
            },
            {
              "name": "MS12-004",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-004"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2023-12-07T18:38Z",
      "publishedDate": "2012-01-10T21:55Z"
    }
  }
}

CERTA-2012-AVI-010

Vulnerability from certfr_avis - Published: - Updated:

Deux vulnérabilités permettant l'exécution de code à distance ont été corrigées dans des composants multimedia des systèmes Microsoft Windows.

Description

Une faille dans le traitement de fichiers au format MIDI permet à un attaquant d'exécuter du code à distance au moyen d'un fichier MIDI spécialement conçu (CVE-2012-0003). Une deuxième faille affectant le module DirectShow permet à une personne malveillante d'exécuter du code à distance au moyen d'un fichier multimédia spécialement conçu (CVE-2012-0004).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Bibliothèque multimedia Windows et DirectShow pour :
- Windows XP Service Pack 3 ;
- Windows XP Édition Media Center 2005 Service Pack 3 ;
- Windows XP Professionnel Édition x64 Service Pack 2 ;
- Windows Server 2003 Service Pack 2 ;
- Windows Server 2003 Édition x64 Service Pack 2 ;
- Windows Server 2003 avec SP2 pour système Itanium ;
- Windows Vista Service Pack 2 ;
- Windows Vista Édition x64 Service Pack 2;
- Windows Server 2008 pour systèmes 32 bits Service Pack 2 ;
- Windows Server 2008 pour systèmes x64 Service Pack 2 ;
- Windows Server 2008 pour systèmes Itanium Service Pack 2 ;
DirectShow pour :
- Windows 7 pour systèmes 32 bits ;
- Windows 7 pour systèmes 32 bits Service Pack 1 ;
- Windows 7 pour systèmes x64 ;
- Windows 7 pour systèmes x64 Service Pack 1 ;
- Windows Server 2008 R2 pour systèmes x64 ;
- Windows Server 2008 R2 pour systèmes x64 Service Pack 1 ;
- Windows Server 2008 R2 pour systèmes Itanium ;
- Windows Server 2008 R2 pour systèmes Itanium Service Pack 1 ;
Pack TV Windows Media Center pour Windows Vista Édition 32 bits ;
Pack TV Windows Media Center pour Windows Vista Édition 64 bits.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS12-004 du 10 janvier 2012	None	vendor-advisory
Bulletin de sécurité Microsoft MS12-004 du 11 janvier 2012 :	-	other
Bulletin de sécurité Microsoft MS12-004 du 11 janvier 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eBiblioth\u00e8que multimedia Windows et DirectShow pour :      \u003cUL\u003e        \u003cLI\u003eWindows XP Service Pack 3 ;\u003c/LI\u003e        \u003cLI\u003eWindows XP \u00c9dition Media Center 2005 Service Pack 3        ;\u003c/LI\u003e        \u003cLI\u003eWindows XP Professionnel \u00c9dition x64 Service Pack 2        ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2003 Service Pack 2 ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2003 \u00c9dition x64 Service Pack 2 ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2003 avec SP2 pour syst\u00e8me Itanium        ;\u003c/LI\u003e        \u003cLI\u003eWindows Vista Service Pack 2 ;\u003c/LI\u003e        \u003cLI\u003eWindows Vista \u00c9dition x64 Service Pack 2;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2008 pour syst\u00e8mes 32 bits Service Pack        2 ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2008 pour syst\u00e8mes x64 Service Pack 2        ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2008 pour syst\u00e8mes Itanium Service Pack        2 ;\u003c/LI\u003e      \u003c/UL\u003e    \u003c/LI\u003e    \u003cLI\u003eDirectShow pour :      \u003cUL\u003e        \u003cLI\u003eWindows 7 pour syst\u00e8mes 32 bits ;\u003c/LI\u003e        \u003cLI\u003eWindows 7 pour syst\u00e8mes 32 bits Service Pack 1 ;\u003c/LI\u003e        \u003cLI\u003eWindows 7 pour syst\u00e8mes x64 ;\u003c/LI\u003e        \u003cLI\u003eWindows 7 pour syst\u00e8mes x64 Service Pack 1 ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2008 R2 pour syst\u00e8mes x64 ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1        ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2008 R2 pour syst\u00e8mes Itanium ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2008 R2 pour syst\u00e8mes Itanium Service        Pack 1 ;\u003c/LI\u003e      \u003c/UL\u003e    \u003c/LI\u003e    \u003cLI\u003ePack TV Windows Media Center pour Windows Vista \u00c9dition 32    bits ;\u003c/LI\u003e    \u003cLI\u003ePack TV Windows Media Center pour Windows Vista \u00c9dition 64    bits.\u003c/LI\u003e  \u003c/UL\u003e",
  "content": "## Description\n\nUne faille dans le traitement de fichiers au format MIDI permet \u00e0 un\nattaquant d\u0027ex\u00e9cuter du code \u00e0 distance au moyen d\u0027un fichier MIDI\nsp\u00e9cialement con\u00e7u (CVE-2012-0003). Une deuxi\u00e8me faille affectant le\nmodule DirectShow permet \u00e0 une personne malveillante d\u0027ex\u00e9cuter du code\n\u00e0 distance au moyen d\u0027un fichier multim\u00e9dia sp\u00e9cialement con\u00e7u\n(CVE-2012-0004).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-0004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0004"
    },
    {
      "name": "CVE-2012-0003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0003"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS12-004 du 11 janvier 2012    :",
      "url": "http://technet.microsoft.com/fr-fr/security/bulletin/MS12-004"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS12-004 du 11 janvier 2012    :",
      "url": "http://technet.microsoft.com/en-us/security/bulletin/MS12-004"
    }
  ],
  "reference": "CERTA-2012-AVI-010",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-01-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s permettant l\u0027ex\u00e9cution de code \u00e0 distance ont \u00e9t\u00e9\ncorrig\u00e9es dans des composants multimedia des syst\u00e8mes Microsoft Windows.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Windows Media",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS12-004 du 10 janvier 2012",
      "url": null
    }
  ]
}

CERTA-2012-AVI-010

Vulnerability from certfr_avis - Published: - Updated:

Deux vulnérabilités permettant l'exécution de code à distance ont été corrigées dans des composants multimedia des systèmes Microsoft Windows.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Bibliothèque multimedia Windows et DirectShow pour :
- Windows XP Service Pack 3 ;
- Windows XP Édition Media Center 2005 Service Pack 3 ;
- Windows XP Professionnel Édition x64 Service Pack 2 ;
- Windows Server 2003 Service Pack 2 ;
- Windows Server 2003 Édition x64 Service Pack 2 ;
- Windows Server 2003 avec SP2 pour système Itanium ;
- Windows Vista Service Pack 2 ;
- Windows Vista Édition x64 Service Pack 2;
- Windows Server 2008 pour systèmes 32 bits Service Pack 2 ;
- Windows Server 2008 pour systèmes x64 Service Pack 2 ;
- Windows Server 2008 pour systèmes Itanium Service Pack 2 ;
DirectShow pour :
- Windows 7 pour systèmes 32 bits ;
- Windows 7 pour systèmes 32 bits Service Pack 1 ;
- Windows 7 pour systèmes x64 ;
- Windows 7 pour systèmes x64 Service Pack 1 ;
- Windows Server 2008 R2 pour systèmes x64 ;
- Windows Server 2008 R2 pour systèmes x64 Service Pack 1 ;
- Windows Server 2008 R2 pour systèmes Itanium ;
- Windows Server 2008 R2 pour systèmes Itanium Service Pack 1 ;
Pack TV Windows Media Center pour Windows Vista Édition 32 bits ;
Pack TV Windows Media Center pour Windows Vista Édition 64 bits.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS12-004 du 10 janvier 2012	None	vendor-advisory
Bulletin de sécurité Microsoft MS12-004 du 11 janvier 2012 :	-	other
Bulletin de sécurité Microsoft MS12-004 du 11 janvier 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eBiblioth\u00e8que multimedia Windows et DirectShow pour :      \u003cUL\u003e        \u003cLI\u003eWindows XP Service Pack 3 ;\u003c/LI\u003e        \u003cLI\u003eWindows XP \u00c9dition Media Center 2005 Service Pack 3        ;\u003c/LI\u003e        \u003cLI\u003eWindows XP Professionnel \u00c9dition x64 Service Pack 2        ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2003 Service Pack 2 ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2003 \u00c9dition x64 Service Pack 2 ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2003 avec SP2 pour syst\u00e8me Itanium        ;\u003c/LI\u003e        \u003cLI\u003eWindows Vista Service Pack 2 ;\u003c/LI\u003e        \u003cLI\u003eWindows Vista \u00c9dition x64 Service Pack 2;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2008 pour syst\u00e8mes 32 bits Service Pack        2 ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2008 pour syst\u00e8mes x64 Service Pack 2        ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2008 pour syst\u00e8mes Itanium Service Pack        2 ;\u003c/LI\u003e      \u003c/UL\u003e    \u003c/LI\u003e    \u003cLI\u003eDirectShow pour :      \u003cUL\u003e        \u003cLI\u003eWindows 7 pour syst\u00e8mes 32 bits ;\u003c/LI\u003e        \u003cLI\u003eWindows 7 pour syst\u00e8mes 32 bits Service Pack 1 ;\u003c/LI\u003e        \u003cLI\u003eWindows 7 pour syst\u00e8mes x64 ;\u003c/LI\u003e        \u003cLI\u003eWindows 7 pour syst\u00e8mes x64 Service Pack 1 ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2008 R2 pour syst\u00e8mes x64 ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1        ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2008 R2 pour syst\u00e8mes Itanium ;\u003c/LI\u003e        \u003cLI\u003eWindows Server 2008 R2 pour syst\u00e8mes Itanium Service        Pack 1 ;\u003c/LI\u003e      \u003c/UL\u003e    \u003c/LI\u003e    \u003cLI\u003ePack TV Windows Media Center pour Windows Vista \u00c9dition 32    bits ;\u003c/LI\u003e    \u003cLI\u003ePack TV Windows Media Center pour Windows Vista \u00c9dition 64    bits.\u003c/LI\u003e  \u003c/UL\u003e",
  "content": "## Description\n\nUne faille dans le traitement de fichiers au format MIDI permet \u00e0 un\nattaquant d\u0027ex\u00e9cuter du code \u00e0 distance au moyen d\u0027un fichier MIDI\nsp\u00e9cialement con\u00e7u (CVE-2012-0003). Une deuxi\u00e8me faille affectant le\nmodule DirectShow permet \u00e0 une personne malveillante d\u0027ex\u00e9cuter du code\n\u00e0 distance au moyen d\u0027un fichier multim\u00e9dia sp\u00e9cialement con\u00e7u\n(CVE-2012-0004).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-0004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0004"
    },
    {
      "name": "CVE-2012-0003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0003"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS12-004 du 11 janvier 2012    :",
      "url": "http://technet.microsoft.com/fr-fr/security/bulletin/MS12-004"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS12-004 du 11 janvier 2012    :",
      "url": "http://technet.microsoft.com/en-us/security/bulletin/MS12-004"
    }
  ],
  "reference": "CERTA-2012-AVI-010",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-01-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s permettant l\u0027ex\u00e9cution de code \u00e0 distance ont \u00e9t\u00e9\ncorrig\u00e9es dans des composants multimedia des syst\u00e8mes Microsoft Windows.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Windows Media",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS12-004 du 10 janvier 2012",
      "url": null
    }
  ]
}

FKIE_CVE-2012-0004

Vulnerability from fkie_nvd - Published: 2012-01-10 21:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://secunia.com/advisories/47485
secure@microsoft.com	http://www.securityfocus.com/bid/51295
secure@microsoft.com	http://www.securitytracker.com/id?1026492
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA12-010A.html	US Government Resource
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-004
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14832
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/47485
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/51295
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1026492
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA12-010A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-004
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14832

Impacted products

Vendor	Product	Version
microsoft	windows_7	-
microsoft	windows_7	-
microsoft	windows_7	-
microsoft	windows_server_2003	*
microsoft	windows_server_2008	*
microsoft	windows_server_2008	*
microsoft	windows_server_2008	-
microsoft	windows_server_2008	r2
microsoft	windows_server_2008	r2
microsoft	windows_vista	*
microsoft	windows_xp	*
microsoft	windows_xp	-
microsoft	windows_xp	2005

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*",
              "matchCriteriaId": "F282E5E8-A5C9-4092-B0BF-07A5A2CAA6F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*",
              "matchCriteriaId": "D16A8D29-57BF-4B74-85F2-24DBD8B52BBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*",
              "matchCriteriaId": "B8A32637-65EC-42C4-A892-0E599562527C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "FFF81F4B-7D92-4398-8658-84530FB8F518",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "7AE15F6C-80F6-43A6-86DA-B92116A697A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "CC916D5A-0644-4423-A52E-D4310906BE78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:x64:*:*:*:*:*",
              "matchCriteriaId": "95DC297F-06DB-4FB3-BFB6-7312C059E047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:2005:sp3:media_center:*:*:*:*:*",
              "matchCriteriaId": "3C706F71-6F28-4484-81DF-18FD573AC2AC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka \"DirectShow Remote Code Execution Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en DirectShow en DirectX de Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 Service Pack 2, R2 y R2 SP1, y Windows 7 Gold y SP1 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo de los medios de comunicaci\u00f3n modificado. Esta vulnerabilidad esta relacionada con los filtros DirectShow Quartz.dll, Qdvd.dll y Line21. Tambien conocida como \"Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de Directshow.\""
    }
  ],
  "id": "CVE-2012-0004",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-01-10T21:55:03.777",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/47485"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/51295"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1026492"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA12-010A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-004"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14832"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/47485"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/51295"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1026492"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA12-010A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14832"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-0004 (GCVE-0-2012-0004)

GHSA-2F29-HQCF-XX8J

GSD-2012-0004

CERTA-2012-AVI-010

Description

Solution

CERTA-2012-AVI-010

Description

Solution

FKIE_CVE-2012-0004

Tags

Sightings

Nomenclature