McAfee > Theat Center > Vulnerability Detail Page

Timeline

12/11/2007

Vendor has provided a patch.

Description

Microsoft Windows is an industry standard operating system. A vulnerability in Microsoft Windows may allow for code-execution attacks. The flaw lies in Windows Media Format Runtime's processing of specially crafted Advanced System Format (ASF) files. Exploitation would involve the victim processing a maliciously crafted file and would allow for code execution at their rights level.

McAfee Product Mitigation & Recommendations

Recommendations

Download and install the patch available from Microsoft(941569 and 944275): http://www.microsoft.com/technet/security/Bulletin/MS07-068.mspx

McAfee Product Mitigation

McAfee Foundstone

This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.

Signature:

(MS07-068) Microsoft Windows Media Format Remote Code Execution Vulnerability Parsing ASF (941569)

Signature identifier:

5627

Release date:

12/11/2007

McAfee Intrushield

This signature provides coverage for this vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.

Signature:

HTTP: Microsoft Windows Media Format Remote Code Execution Vulnerability Parsing ASF

Signature identifier:

0x4023FF00

Release date:

12/11/2007

First released in:

4.1.16; 3.1.53

McAfee Host IPS

Out of the box, HIPS protects against many buffer overflow exploits. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge

Signature:

Generic Buffer Overflow Protection

Signature identifier:

428

Release date:

8/24/2000

First released in:

2.0

McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection

Out of the box, VSE 8.0i protects against many buffer overflow exploits. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.

Signature:

Buffer Overflow Protection

Release date:

8/30/2004

First released in:

Build 131

McAfee VirusScan Enterprise 8.5i (VSE8.5i) /Total Protection for Small Business (ToPS SB) Buffer Overflow Protection

Out of the box, VSE8.5i and ToPS SB protect against many buffer overflow exploits. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.

Signature:

Buffer Overflow Protection

Release date:

11/29/2006

First released in:

Build 354

Additional Resources

Microsoft Security Bulletin: Vulnerability in Windows Media Format Could Allow Remote Code Execution (941569)

http://www.microsoft.com/technet/security/bulletin/MS07-068.mspx

All Information

Timeline -

12/11/2007

Vendor has provided a patch.

Description -

Microsoft Windows is an industry standard operating system. A vulnerability in Microsoft Windows may allow for code-execution attacks. The flaw lies in Windows Media Format Runtime's processing of specially crafted Advanced System Format (ASF) files. Exploitation would involve the victim processing a maliciously crafted file and would allow for code execution at their rights level.

McAfee Product Mitigation & Recommendations

Recommendations -

Download and install the patch available from Microsoft(941569 and 944275): http://www.microsoft.com/technet/security/Bulletin/MS07-068.mspx

McAfee Product Mitigation

McAfee Foundstone

This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.

Signature:

(MS07-068) Microsoft Windows Media Format Remote Code Execution Vulnerability Parsing ASF (941569)

Signature identifier:

5627

Release date:

12/11/2007

McAfee Intrushield

This signature provides coverage for this vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.

Signature:

HTTP: Microsoft Windows Media Format Remote Code Execution Vulnerability Parsing ASF

Signature identifier:

0x4023FF00

Release date:

12/11/2007

First released in:

4.1.16; 3.1.53

McAfee Host IPS

Out of the box, HIPS protects against many buffer overflow exploits. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge

Signature:

Generic Buffer Overflow Protection

Signature identifier:

428

Release date:

8/24/2000

First released in:

2.0

McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection

Out of the box, VSE 8.0i protects against many buffer overflow exploits. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.

Signature:

Buffer Overflow Protection

Release date:

8/30/2004

First released in:

Build 131

McAfee VirusScan Enterprise 8.5i (VSE8.5i) /Total Protection for Small Business (ToPS SB) Buffer Overflow Protection

Out of the box, VSE8.5i and ToPS SB protect against many buffer overflow exploits. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.

Signature:

Buffer Overflow Protection

Release date:

11/29/2006

First released in:

Build 354

Additional Resources

Additional Resources -

Microsoft Security Bulletin: Vulnerability in Windows Media Format Could Allow Remote Code Execution (941569)

http://www.microsoft.com/technet/security/bulletin/MS07-068.mspx