Signature Detail
Short Name |
HTTP:MISC:MS-MOVIE-MAKER-OCX |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Movie Maker hhctrl.ocx load attempt |
Release Date |
2014/04/15 |
Update Number |
2364 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Microsoft Movie Maker hhctrl.ocx load attempt
This signature detects attempts to exploit a known vulnerability in Windows movie maker. It is due to a design weakness in loading configuration files. Remote attackers can exploit this by enticing target users to download a malicious dll file. A successful attack can result in loading the attacker-controlled library and execution of arbitrary code with the privileges of the logged-in user.
Extended Description
Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka "Insecure Library Loading Vulnerability."
Affected Products
- microsoft windows_movie_maker 2.6
References
- CVE: CVE-2010-3967