Vulnerability in Windows Media Player [Updated]
Update - Since this report was filed, Microsoft have refuted the claims made and explained what caused the crash.
According to a report by Security Tracker, all versions of Windows Media Player, including the latest version, 11, have a security related vulnerability. The problem is an integer overflow when playing WAV, SND or MIDI files, which can allow an attacker to execute arbitrary code with the privileges of the user.
heise Security found that the test attached to the Security Tracker report, crashed Media Player 9 on Windows XP with Service Pack 2 and Media Player 11 on Windows XP with Service Pack 3. Security Tracker say that the vulnerability can allow code to pass through the hole. If this is true it won't be long before real exploits appear. This was demonstrated with the recent zero day vulnerability of Internet Explorer. The problem was reported by Laurent Gaffie and as yet, no fix has been released.
See Also:
- Windows Media Player Integer Overflow in Playing WAV Files Lets Remote Users Execute Arbitrary Code, Security Tracker report
(djwm)