CVE-2010-1880 - OpenCVE

Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Directx Windows 2000 Windows 2003 Server Windows Server 2008 Windows Vista Windows Xp

Configuration 1 [-]

AND

OR	cpe:2.3:a:microsoft:directx:9.0:::::::*
	cpe:2.3:a:microsoft:directx:9.0a:::::::*
	cpe:2.3:a:microsoft:directx:9.0b:::::::*
	cpe:2.3:a:microsoft:directx:9.0c:::::::*

OR	cpe:2.3:o:microsoft:windows_2000::sp4::::::*
	cpe:2.3:o:microsoft:windows_2003_server::sp2::::::*
	cpe:2.3:o:microsoft:windows_2003_server::sp2:x64:::::
	cpe:2.3:o:microsoft:windows_server_2008:::itanium:::::*
	cpe:2.3:o:microsoft:windows_server_2008:::x32:::::*
	cpe:2.3:o:microsoft:windows_server_2008:::x64:::::*
	cpe:2.3:o:microsoft:windows_vista::sp1::::::*
	cpe:2.3:o:microsoft:windows_vista:-:sp1::::::
	cpe:2.3:o:microsoft:windows_xp::sp2::::::*
	cpe:2.3:o:microsoft:windows_xp::sp3::::::*
	cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:::::*

No data.

References

Link	Providers
http://osvdb.org/65222
http://www.us-cert.gov/cas/techalerts/TA10-159B.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-033
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6641

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2010-06-08T22:00:00

Updated: 2024-08-07T01:35:53.959Z

Reserved: 2010-05-11T00:00:00

Link: CVE-2010-1880

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-06-08T22:30:01.617

Modified: 2023-12-07T18:38:56.693

Link: CVE-2010-1880

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-06-08T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka \"MJPEG Media Decompression Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "oval:org.mitre.oval:def:6641", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6641"}, {"name": "65222", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/65222"}, {"name": "MS10-033", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-033"}, {"name": "TA10-159B", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2010-1880", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka \"MJPEG Media Decompression Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "oval:org.mitre.oval:def:6641", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6641"}, {"name": "65222", "refsource": "OSVDB", "url": "http://osvdb.org/65222"}, {"name": "MS10-033", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-033"}, {"name": "TA10-159B", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T01:35:53.959Z"}, "title": "CVE Program Container", "references": [{"name": "oval:org.mitre.oval:def:6641", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6641"}, {"name": "65222", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/65222"}, {"name": "MS10-033", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-033"}, {"name": "TA10-159B", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2010-1880", "datePublished": "2010-06-08T22:00:00", "dateReserved": "2010-05-11T00:00:00", "dateUpdated": "2024-08-07T01:35:53.959Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:directx:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "2936E9C2-65E6-4D26-A277-FF2AE13A3FEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:directx:9.0a:*:*:*:*:*:*:*", "matchCriteriaId": "B2F096A3-DD19-4D54-94F4-027DBDF1A705", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:directx:9.0b:*:*:*:*:*:*:*", "matchCriteriaId": "70A8E96E-F752-43D2-83C3-877DE1042B80", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:directx:9.0c:*:*:*:*:*:*:*", "matchCriteriaId": "44C68B75-2B7A-450B-BA1B-03E77E03B59B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*", "matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*", "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*", "matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*", "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*", "matchCriteriaId": "3A04E39A-623E-45CA-A5FC-25DAA0F275A3", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*", "matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka \"MJPEG Media Decompression Vulnerability.\""}, {"lang": "es", "value": "Vulnerabilidad no especificada en Quartz.dll para DirectShow en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista SP1, y Server 2008. Esta vulnerabilidad permite ejecutar, a atacantes remotos, c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero multimedia con datos de compresi\u00f3n debidamente modificados. Esta vulnerabilidad tambi\u00e9n es conocida como \"Vulnerabilidad de decompresion de ficheros multimedia MJPEG\"."}], "id": "CVE-2010-1880", "lastModified": "2023-12-07T18:38:56.693", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-06-08T22:30:01.617", "references": [{"source": "secure@microsoft.com", "url": "http://osvdb.org/65222"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-033"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6641"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}