Oval Definition:oval:org.mitre.oval:def:6641
Revision Date:2014-08-18Version:46
Title:MJPEG Media Decompression Vulnerability
Description:Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2010-1880
Platform(s):Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Quartz.dll (DirectShow)
Definition Synopsis
  • Vulnerable Microsoft Windows 2000 / Quartz in DirectX 9.0
  • Microsoft Windows 2000 is installed
  • AND DirectX 9.0x Installed
  • AND the version of Quartz.dll is less than 6.5.1.914
  • OR Vulnerable Microsoft Windows XP (x86) / Quartz
  • Microsoft Windows XP (32-bit) is installed
  • AND the version of Quartz.dll is less than 6.5.2600.3665
  • OR Vulnerable Microsoft Windows XP (x86) / Quartz
  • Microsoft Windows XP (32-bit) is installed
  • AND the version of Quartz.dll is less than 6.5.2600.5933
  • OR Vulnerable Microsoft Windows XP x64, Server 2003 x86/x64/ia64 / Quartz
  • XP x64, Server 2003 x86/x64/ia64
  • Microsoft Windows XP x64 is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (ia64) Gold is installed
  • AND the version of Quartz.dll is less than 6.5.3790.4660
  • OR Vulnerable Microsoft Windows Vista x86/x64, Server 2008 32bit/x64/ia64 - GDR / Quartz
  • Vista x86/x64, Server 2008 x86/x64/ia64
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND the version of Quartz.dll is less than 6.6.6001.18461
  • OR Vulnerable Microsoft Windows Vista x86/x64, Server 2008 32bit/x64/ia64 - LDR / Quartz
  • Vista x86/x64, Server 2008 x86/x64/ia64
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND the version of Quartz.dll is less than 6.6.6001.22672
  • AND the version of Quartz.dll is greater than or equal 6.6.6001.22000
    • BACK