SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Multimedia)  >   Windows Media Player Vendors:   Microsoft
Windows Media Player Buffer Overflow in ASF File Processing Lets Malicious Media Files Execute Arbitrary Code on a User's PC
SecurityTracker Alert ID:  1002775
SecurityTracker URL:  http://securitytracker.com/id/1002775
CVE Reference:   CAN-2001-0719   (Links to External Site)
Date:  Nov 20 2001
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Windows Media Player 6.4, 7, and 7.1; Windows Media Player for Windows XP
Description:   Microsoft reported a buffer overflow vulnerability in their Windows Media Player. A malicious Advanced Streaming Format (ASF) media file could execute arbitrary code on a user's host when the user plays the file.

Microsoft reports that a remote user could create a specially malformed ASF file and induce a user to play the file, triggering the buffer overflow and crashing or executing arbitrary code. According to the vendor, the user must explicity play the file. The exact nature of the flaw was not disclosed.

Impact:   A malicious ASF media file could execute arbitrary code on a user's host when the user plays the file. This could give the author of the malicious code access to the user's host.
Solution:   The vendor has released a patch. The Windows Media Player 6.4, 7, or 7.1 patch is available at: http://download.microsoft.com/download/winmediaplayer/Update/308567/WIN98MeXP/EN-US/wm308567.exe

The Windows Media Player for Windows XP patch is available at:

http://windowsupdate.com

The patch can be installed on any operating system running Windows Media Player 6.4, 7.0, or 7.1. The vendor reportedly plans to include the fix for this issue in Windows 2000 Service Pack 3.

This patch supersedes all previously released patches for Windows Media 6.4 patches, including the patches from MS01-042, MS01-029, and MS00-090. Microsoft notes that the patch provided in MS01-029 contained fixes for both a security and privacy issue, but that only the security fix in MS01-029 is superseded by this patch.

Vendor URL:  www.microsoft.com/technet/security/bulletin/MS01-056.asp (Links to External Site)
Cause:   Boundary error
Underlying OS:   Windows (Me), Windows (NT), Windows (95), Windows (98), Windows (2000), Windows (XP)

Message History:   None.


 Source Message Contents

Date:  Mon, 19 Nov 2001 17:42:03 -0800
Subject:  Microsoft Security Bulletin MS01-056


The following is a Security  Bulletin from the Microsoft Product Security
Notification Service.

Please do not  reply to this message,  as it was sent  from an unattended
mailbox.
                    ********************************

-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------
Title:      Windows Media Player .ASF Processor Contains Unchecked
            Buffer
Date:       20 November 2001
Software:   Windows Media Player
Impact:     Run code of attacker's choice
Max Risk:   Critical
Bulletin:   MS01-056

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS01-056.asp.
- ----------------------------------------------------------------------

Issue:
======
One of the streaming media formats supported by Windows Media
Player is Advanced Streaming Format (ASF). A security vulnerability
occurs in Windows Media Player 6.4 because the code that processes
ASF files contains an unchecked buffer. 

By creating a specially malformed ASF file and inducing a user to
play it, an attacker could overrun the buffer, with either of two
results: in the simplest case, Windows Media Player 6.4 would fail;
in the more complex case, code chosen by the attacker could be made
to run on the user's computer, with the privileges of the user.
The scope of this vulnerability is rather limited. It affects only
Windows Media Player 6.4, and can only be exploited by the user
opening and deliberately playing an ASF file. There is no
capability to exploit this vulnerability via email or a web page. 

However, the patch eliminates additional vulnerabilities. 
Specifically, it eliminates all known vulnerabilities affecting
Windows Media Player 6.4 - discussed in Microsoft Security 
Bulletins MS00-090, MS01-029, and MS01-042 - as well as some
additional variants of these vulnerabilities that were discovered
internally by Microsoft. Some of these vulnerabilities could be
exploited via email or a web page. In addition, some affect
components of Windows Media Player 6.4 that, for purposes of
backward compatibility, ship with Windows Media Player 7, and
7.1. We therefore recommend that customers running any of these
versions of Windows Media Player apply the patch to ensure that
they are fully protected against all known vulnerabilities. 

Windows Media Player for Windows XP includes components of
Windows Media Player 6.4, but they are not affected by the ASF
buffer overrun or by any of the other vulnerabilities discussed
in the security bulletins listed above. However, the version 6.4
components that ship with Windows Media Player for Windows XP are
affected by some of the newly discovered variants of these
vulnerabilities. Rather than installing this patch, however, we
recommend that customers install the 25 October 2001 Critical
Update for Windows XP. 

Mitigating Factors:
====================
 - Windows Media Player runs in the security context of the user, 
   rather than as a system component. At best, an attacker could
   gain the privileges of the user on the system. Systems
   configured in accordance with the least privilege principal
   would be at less risk from this vulnerability. 

 - The vulnerability could only be exploited if the user opened
   and played an affected ASF file. 

 - The attacker would need to know the specific operating system
   that the user was running in order to tailor the attack code
   properly; if the attacker made an incorrect guess about the user's
   operating system platform, the attack would crash the user's
   Windows Media Player session, but not run code of the attacker's
   choice. 

Risk Rating:
============
 - Internet systems: Critical
 - Intranet systems: Critical
 - Client systems: Critical

Patch Availability:
===================
 - A patch is available to fix this vulnerability. Please read the 
   Security Bulletin at
   http://www.microsoft.com/technet/security/bulletin/ms01-056.asp
   for information on obtaining this patch.

- ---------------------------------------------------------------------

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS 
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS
ALL 
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE 
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT 
SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES 
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL,
LOSS OF 
BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR
ITS 
SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME
STATES DO 
NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL
OR 
INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQEVAwUBO/mvQY0ZSRQxA/UrAQFx9wgArkc5gTwjgy5aS2aZuC27gmPq527gEQ2A
ii7sfFeO+EpoABxRpJK/Tauwr5EMh+tfHdrZQttkv4Wnbd8QyI6yfY0l79xxBwAE
Md6h4OdUx3yCIZSbN69ZCUusUKidwqzl7VbWI+9Tdsm4QHhP4VrL5/C5ZbuxPXQ9
2gbFYtLTxPNSvtONiStQbSnFSTQdsdsytN4YpGLqdtmkBHTTbjXRp6mmk1DmUMD2
BR7+Saf2knoSMW6SKYZRgEV0UQleom0qDWltGUDuxs2eSUFmpL9Hn3t+GlyYhtbO
S4lc9z5vqA3NGb0oeG2NyI2SspwEckoTtxf2gdyOZIe7OtLNtno9pg==
=uEWm
-----END PGP SIGNATURE-----

   *******************************************************************
You have received  this e-mail bulletin as a result  of your registration
to  the   Microsoft  Product  Security  Notification   Service.  You  may
unsubscribe from this e-mail notification  service at any time by sending
an  e-mail  to  MICROSOFT_SECURITY-SIGNOFF-REQUEST@ANNOUNCE.MICROSOFT.COM
The subject line and message body are not used in processing the request,
and can be anything you like.

To verify the digital signature on this bulletin, please download our PGP
key at http://www.microsoft.com/technet/security/notify.asp.

For  more  information on  the  Microsoft  Security Notification  Service
please  visit  http://www.microsoft.com/technet/security/notify.asp.  For
security-related information  about Microsoft products, please  visit the
Microsoft Security Advisor web site at http://www.microsoft.com/security.

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC