Oval Definition:oval:org.mitre.oval:def:14337
Revision Date:2012-05-21Version:47
Title:MIDI Remote Code Execution Vulnerability
Description:Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2012-0003
Platform(s):Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis
  • Vulnerable Microsoft Windows XP (x86) SP3 / DirectShow / Windows Multimedia Library
  • Microsoft Windows XP (x86) SP3 is installed
  • AND DirectShow / Windows Multimedia Library
  • the version of Quartz.dll is less than 6.5.2600.6169
  • OR the version of Winmm.dll is less than 5.1.2600.6160
  • OR Vulnerable Microsoft Windows XP x64 SP2, Server 2003 x86/x64/ia64 SP2 / DirectShow / Windows Multimedia Library
  • Windows XP x64 SP2, Server 2003 x86/x64/ia64 SP2 / DirectShow / Windows Multimedia Library
  • Microsoft Windows XP x64 Edition SP2 is installed
  • OR Microsoft Windows Server 2003 SP2 (x64) is installed
  • OR Microsoft Windows Server 2003 SP2 (x86) is installed
  • OR Microsoft Windows Server 2003 (ia64) SP2 is installed
  • AND DirectShow / Windows Multimedia Library
  • the version of Winmm.dll is less than 5.2.3790.4916
  • OR the version of Quartz.dll is less than 6.5.3790.4928
  • OR Vulnerable Microsoft Windows Vista SP2 x86/x64, Server 2008 SP2 32bit/x64/ia64 / DirectShow / Windows Multimedia Library
  • Windows Vista SP2 x86/x64, Server 2008 SP2 32bit/x64/ia64 / DirectShow / Windows Multimedia Library
  • Microsoft Windows Vista (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Vista x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
  • AND DirectShow / Windows Multimedia Library
  • GDR or LDR Service branch
  • the version of Quartz.dll is less than 6.6.6002.18533
  • OR LDR
  • the version of Quartz.dll is less than 6.6.6002.22732
  • AND the version of Quartz.dll is greater than or equal 6.6.6002.22000
  • OR GDR or LDR Service branch
  • the version of Winmm.dll is less than 6.0.6002.18528
  • OR LDR
  • the version of Winmm.dll is less than 6.0.6002.22726
  • AND the version of Winmm.dll is greater than or equal 6.0.6002.22000
    • BACK