CVE-2013-0077
Description
Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerability."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A remote code execution vulnerability in DirectShow's Quartz.dll allows attackers to execute arbitrary code via crafted media content.
Vulnerability
CVE-2013-0077 is a remote code execution vulnerability in the Quartz.dll component of DirectShow, affecting Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 [1]. The vulnerability occurs when DirectShow decompresses specially crafted media content, such as an .mpg file, a media stream, or an embedded media file in a Microsoft Office document (e.g., .ppt) [1]. No special configuration is required; the vulnerable code path is reachable when the user opens the malicious content [1].
Exploitation
An attacker can exploit this vulnerability by convincing a user to open a specially crafted media file (e.g., .mpg) or a Microsoft Office document containing such a file, or by delivering crafted streaming content [1]. The attacker does not need authentication or any special network position; the attack vector is remote and user interaction is required [1]. The exploit does not require a race window or write access; it relies on the user opening the malicious content [1].
Impact
Successful exploitation allows the attacker to execute arbitrary code in the context of the current user [1]. If the user has administrative rights, the attacker can gain full control of the system, including installing programs, viewing/changing/deleting data, or creating new accounts [1]. The impact is complete compromise of confidentiality, integrity, and availability [1].
Mitigation
Microsoft released security update MS13-011 on February 12, 2013, which addresses the vulnerability by correcting how DirectShow handles crafted media content [1]. The update is rated Critical for all affected Windows versions [1]. Customers with automatic updating enabled will receive the update automatically; others should apply it immediately via Microsoft Update [1]. No workarounds are documented in the available references [1][2]. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date [2].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x86:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
- Range: Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.