Microsoft Windows Movie Maker IsValidWMToolsStream buffer overflow

Added: 05/19/2010
CVE: CVE-2010-0265
BID: 38515
OSVDB: 62811

Background

Windows Movie Maker is software for creating and editing home movies.

Problem

A buffer overflow vulnerability in the IsValidWMToolsStream function allows command execution when a user opens a specially crafted .MSWMM file.

Resolution

Apply the update referenced in Microsoft Security Bulletin 10-016.

References

http://seclists.org/fulldisclosure/2010/Mar/173

Limitations

Exploit works on Windows Movie Maker 2.1 and requires a user to open the exploit file.

Platforms

Windows XP

Back to exploit index