CVE-2010-1879

CWE-94 — Code Injection3 documents3 sources

Severity

9.3CRITICAL

EPSS

38.2%

top 2.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Directx Microsoft Windows Media Encoder Microsoft Windows Media Format Runtime

Timeline

PublishedJun 8

Latest updateMay 14

Description

Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media Format Runtime 9, 9.5, and 11; Media Encoder 9; and the Asycfilt.dll COM component allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "Media Decompression Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDmicrosoft/windows_media_encoder9

▶NVDmicrosoft/windows_media_format_runtime11, 9, 9.5+2

▶NVDmicrosoft/directx4 versions+3

🔴Vulnerability Details

GHSA

GHSA-9vxq-x797-gr8g: Unspecified vulnerability in Quartz↗2022-05-14

▶

CVEList

CVE-2010-1879: Unspecified vulnerability in Quartz↗2010-06-08

▶