In association with heise online

28 December 2008, 09:53

Vulnerability in Windows Media Player [Updated]

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Update - Since this report was filed, Microsoft have refuted the claims made and explained what caused the crash.

According to a report by Security Tracker, all versions of Windows Media Player, including the latest version, 11, have a security related vulnerability. The problem is an integer overflow when playing WAV, SND or MIDI files, which can allow an attacker to execute arbitrary code with the privileges of the user.

heise Security found that the test attached to the Security Tracker report, crashed Media Player 9 on Windows XP with Service Pack 2 and Media Player 11 on Windows XP with Service Pack 3. Security Tracker say that the vulnerability can allow code to pass through the hole. If this is true it won't be long before real exploits appear. This was demonstrated with the recent zero day vulnerability of Internet Explorer. The problem was reported by Laurent Gaffie and as yet, no fix has been released.

See Also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit