Security 10748 Published by

Microsoft published the following two security bulletin updates:

- MS10-058 - Important: Vulnerabilities in TCP/IP Could Allow Elevation of Privilege (978886) - Version:1.1
- MS10-055 - Critical: Vulnerability in Cinepak Codec Could Allow Remote Code Execution (982665) - Version:1.1



MS10-058 - Important: Vulnerabilities in TCP/IP Could Allow Elevation of Privilege (978886) - Version:1.1
Severity Rating: Important - Revision Note: V1.1 (August 18, 2010): Added workaround for IPv6 Memory Corruption Vulnerability - CVE-2010-1892.

Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege due to an error in the processing of a specific input buffer. An attacker who is able to log on to the target system could exploit this vulnerability and run arbitrary code with system-level privileges. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Read more

MS10-055 - Critical: Vulnerability in Cinepak Codec Could Allow Remote Code Execution (982665) - Version:1.1
Severity Rating: Critical - Revision Note: V1.1 (August 12, 2010): Added Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 to the Non-Affected Software table.

Summary: This security update resolves a privately reported vulnerability in Cinepak Codec. The vulnerability could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Read more