Microsoft Windows Movie Maker and Producer Buffer Overflow
TSL ID FSC20100309-04
CVE ID(s) CVE-2010-0265
Severity High
Description

A buffer overflow vulnerability exists in Microsoft Windows Movie Maker and Microsoft Producer. The flaw is due to the way the affected products parse maliciously crafted project files. A remote attacker can leverage this vulnerability by enticing a target user to open a malicious file.

A successful attack can result in the injection and execution of arbitrary code on a target system. The resulting code would execute within the security context of the logged-in user. In an unsuccessful attack, the affected application may terminate abnormally.

The vendor, Microsoft, has released updates that address this vulnerability:

http://www.microsoft.com/technet/security/Bulletin/MS10-016.mspx

Affected Products
  • Microsoft Producer 2003
  • Microsoft Windows 7
  • Microsoft Windows Vista
  • Microsoft Windows XP
  • Microsoft Windows Movie Maker 2.1
  • Microsoft Windows Movie Maker 2.6
  • Microsoft Windows Movie Maker 6.0
CVSS Score Base 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):
  • Access vector is NETWORK
  • Access complexity is MEDIUM
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is PARTIAL
  • Impact of this vulnerability on data integrity is PARTIAL
  • Impact of this vulnerability on data availability is PARTIAL
Temporal 5.0 (E:U/RL:OF/RC:C):
  • The exploitability level of this vulnerability is UNPROVEN
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED