Welcome to the Virus Encyclopedia of Panda Security.
|worm, Trojan or backdoor. It is a group of critical vulnerabilities in Media Decompression, which allows arbitrary code to be remotely executed in the vulnerable computer.|
The affected components are:
- Asycfilt.dll (COM component) on Windows 7/2008/Vista/2003/XP/2000.
- Quartz.dll (DirectShow) on Windows 2008/Vista/2003/XP/2000.
- Windows Media Encoder 9 on Windows 2008/Vista/2003/XP/2000.
- Windows Media Format Runtime 9 on Windows XP/2000.
- Windows Media Format Runtime 9.5 on Windows 2003/XP.
- Windows Media Format Runtime 11 on Windows XP.
If exploited successfully, MS10-033 allows hackers to gain remote control of the affected computer with the same privileges as the logged on user. If this user had administrator rights, the hacker could take complete control of the system: create, modify or delete files, install programs, create new user accounts, etc.
This vulnerability is usually exploited by sending a specially crafted media file or streaming content from a website and enticing users to open it.
If you have any of the vulnerable components, it is recommended to download and apply the security patch for this vulnerability. Click here to access the web page for downloading the patch.
Bear in mind that this security bulletin replaces previous ones, called MS09-047 and MS09-028.