SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   Windows Media Player Vendors:   Microsoft
(Another Vulnerable ASX Tag) Re: Microsoft Windows Media Player ASX Processing Vulnerability Lets Remote Users Execute Arbitrary Code on the Player's Host System
SecurityTracker Alert ID:  1001522
SecurityTracker URL:  http://securitytracker.com/id/1001522
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 12 2001
Impact:   Execution of arbitrary code via network
Exploit Included:  Yes  
Version(s): 6.4, possibly others
Description:   It is reported that the Windows Media Player contains a vulnerability in its processing of certain ASX tags that allows a remote user to cause the Media Player client to execute arbitrary code on the client's host.

It is reported that the processing of the HREF attribute of the BANNER tag contains a buffer overflow that can be used to smash the stack. The vulnerability reportedly exists in certain versions of DXMASF.DLL. This allows a remote user to create a malicious ASX file and deliver it to the intended victim via a web page or via an HTML-based e-mail message.

A user reports that there is another buffer overflow vulnerability in the ASX VERSION tag. A *.ASX file with the following contents will cause dxmasf.dll in MPLAYER 6.4 to crash:

<ASX VERSION="AAAAAAAAAAA ... AAAAAAA">

Impact:   A remote user can cause the Media Player to execute arbitrary code on the Media Player's host.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.microsoft.com/technet/security/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Me), Windows (NT), Windows (95), Windows (98), Windows (2000)

Message History:   This archive entry is a follow-up to the message listed below.
May 2 2001 Microsoft Windows Media Player ASX Processing Vulnerability Lets Remote Users Execute Arbitrary Code on the Player's Host System



 Source Message Contents

Subject:  Re: Microsoft Media Player ASX Parser buffer overflow


I found yet another bof condition in the ASX VERSION
tag : an *.ASX file with the contents :

<ASX VERSION="AAAAAAAAAAA ... AAAAAAA">

crashes MPLAYER 6.4 in dxmasf.dll...

greetz,
[ByteRage] <byterage@yahoo.com>
http://elf.box.sk/byterage

> REVELATION:
>
> HREF attribute of BANNER tag can be abused to smash
> our lovely stack.
>
> This information applies to Media Player 6.4 at
> least.

__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - buy the things you want at great prices
http://auctions.yahoo.com/

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC