Microsoft updated the following security bulletin:
MS11-015 - Critical: Vulnerabilities in Windows Media Could Allow Remote Code Execution (2510030) - Version:1.2
MS11-015 - Critical: Vulnerabilities in Windows Media Could Allow Remote Code Execution (2510030) - Version:1.2
MS11-015 - Critical: Vulnerabilities in Windows Media Could Allow Remote Code Execution (2510030) - Version:1.2
MS11-015 - Critical: Vulnerabilities in Windows Media Could Allow Remote Code Execution (2510030) - Version:1.2
Severity Rating: Critical - Revision Note: V1.2 (March 16, 2011): Removed erroneous references to Windows XP Home Edition Service Pack 3 and Windows XP Tablet PC Edition Service Pack 3 in Non-Affected Software. This is an informational change only. There were no changes to the security update files or detection logic. For customers who are running Windows XP Home Edition or Windows XP Table PC Edition and who have not already applied this update, Microsoft recommends applying the update immediately. Customers who have already applied the update do not need to take any action.Read more
Summary: This security update resolves one publicly disclosed vulnerability in DirectShow and one privately reported vulnerability in Windows Media Player and Windows Media Center. The more severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Digital Video Recording (.dvr-ms) file. In all cases, a user cannot be forced to open the file; for an attack to be successful, a user must be convinced to do so.
