Microsoft refutes Media Player vulnerability
Microsoft have refuted a report on Security Tracker about a vulnerability in Windows Media Player. Saying that "The security researcher making the initial report didn’t contact us, or work with us directly, but instead posted the report, along with proof of concept code, to a public mailing list". Microsoft stated that there was "no possibility for code execution in this issue".
A more detailed evaluation points out that the problem is an un-handled CPU exception when executing a DIV instruction, that there is no memory corruption and the value is not used for memory allocation. Microsoft say they had already found the issue through internal fuzzing efforts, evaluated it as not being a security risk and that it had already been fixed in Windows Server 2003 Service Pack 2. Microsoft invited the researcher who reported the issue to work with them in the future, saying "We always say that every new case with a security researcher starts the relationship off fresh: we’re happy to work with anyone who reports an issue to us responsibly, regardless of past issues".
- Questions about Vulnerability Claim in Windows Media Player, Microsoft Security Response Centre blog posting
- Windows Media Player crash not exploitable for code execution, Microsoft SVRD evaluation
- Vulnerability in Windows Media Player, heise online Report
- Windows Media Player Integer Overflow in Playing WAV Files Lets Remote Users Deny Service, updated Security Tracker report