Microsoft Windows Media Encoder vulnerabilities

CVE-2010-3965 [CRITICAL] CVE-2010-3965: Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) f

CVE-2010-1879 [CRITICAL] CWE-94 CVE-2010-1879: Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media Format Runtime 9, 9.5, and 11; Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media Format Runtime 9, 9.5, and 11; Media Encoder 9; and the Asycfilt.dll COM component allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "Media Decompression Vulnerability."

CVE-2008-3008 [CRITICAL] CWE-119 CVE-2008-3008: Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Wind Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Media Encoder Buffer Overrun Vulnerability."