Vulnerability in Windows Movie Maker Could Allow Remote Code Execution
Description: This security update addresses a privately reported vulnerability in Windows Movie Maker and Microsoft Producer 2003. Windows Live Movie Maker, which is available for Windows Vista and Windows 7, is not affected by this vulnerability. The vulnerability could allow remote code execution if an attacker sent a specially crafted Movie Maker or Microsoft Producer project file and convinced the user to open the specially crafted file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update addresses the vulnerability by changing the way that Windows Movie Maker parses project files.
Update type: Important
Release date: March 9, 2010
Applies to: All versions
Knowledge base: http://support.microsoft.com/kb/975561
- Windows Kernel Exception Handler Vulnerability – CVE-2010-0232
- Windows Kernel Double Free Vulnerability – CVE-2010-0233
For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB975561.