In association with heise online

30 December 2008, 08:34

Microsoft refutes Media Player vulnerability

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Microsoft have refuted a report on Security Tracker about a vulnerability in Windows Media Player. Saying that "The security researcher making the initial report didn’t contact us, or work with us directly, but instead posted the report, along with proof of concept code, to a public mailing list". Microsoft stated that there was "no possibility for code execution in this issue".

A more detailed evaluation points out that the problem is an un-handled CPU exception when executing a DIV instruction, that there is no memory corruption and the value is not used for memory allocation. Microsoft say they had already found the issue through internal fuzzing efforts, evaluated it as not being a security risk and that it had already been fixed in Windows Server 2003 Service Pack 2. Microsoft invited the researcher who reported the issue to work with them in the future, saying "We always say that every new case with a security researcher starts the relationship off fresh: we’re happy to work with anyone who reports an issue to us responsibly, regardless of past issues".

See Also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit