(CIAC Issues Bulletin L-089) Re: Microsoft Windows Media Player ASX Processing Vulnerability Lets Remote Users Execute Arbitrary Code on the Player's Host System
|
SecurityTracker Alert ID: 1001652 |
SecurityTracker URL: http://securitytracker.com/id/1001652
|
CVE Reference:
GENERIC-MAP-NOMATCH
|
Date: May 30 2001
|
Impact:
Execution of arbitrary code via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 6.4, possibly others
|
Description:
It is reported that the Windows Media Player contains a vulnerability in its processing of certain ASX tags that allows a remote user to cause the Media Player client to execute arbitrary code on the client's host.
It is reported that the processing of the HREF attribute of the BANNER tag contains a buffer overflow that can be used to smash the stack. The vulnerability reportedly exists in certain versions of DXMASF.DLL. This allows a remote user to create a malicious ASX file and deliver it to the intended victim via a web page or via an HTML-based e-mail message.
The Source Message contains some additional information as well as an encoded version of a demonstration exploit ASX file.
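A defensive check for the condition described above, as an added example that is not part of the SecurityTracker entry or the CIAC bulletin: it scans ASX text for BANNER tags whose HREF value exceeds a length ceiling. The names `MAX_HREF_LEN` and `scan_asx`, the 1024-character ceiling and the sample files are assumptions made for illustration; the advisory does not state the real buffer size.

```python
import re

# Assumption: a policy ceiling for banner URLs. The advisory does not give the
# size of the unchecked buffer in DXMASF.DLL, so this is not the real limit.
MAX_HREF_LEN = 1024

# ASX is XML-like but case-insensitive and frequently not well-formed, so use
# tolerant regexes instead of a strict XML parser. An unterminated quote runs
# to end of input so a truncated or malformed value is still measured.
BANNER_TAG = re.compile(
    r"""<\s*banner\b((?:[^>"']|"[^"]*(?:"|$)|'[^']*(?:'|$))*)""",
    re.IGNORECASE)
HREF_ATTR = re.compile(
    r"""\bhref\s*=\s*(?:"([^"]*)|'([^']*)|([^\s>"']+))""", re.IGNORECASE)


def scan_asx(text, max_len=MAX_HREF_LEN):
    """Return (line_number, href_length) for each oversized BANNER HREF."""
    findings = []
    for tag in BANNER_TAG.finditer(text):
        line = text.count("\n", 0, tag.start()) + 1
        for attr in HREF_ATTR.finditer(tag.group(1)):
            # Exactly one alternative (double, single, unquoted) captured.
            value = next(g for g in attr.groups() if g is not None)
            if len(value) > max_len:
                findings.append((line, len(value)))
    return findings


# Constructed samples (not taken from the advisory or its exploit file).
BENIGN = """<ASX version="3.0">
  <BANNER HREF="http://example.invalid/banner.gif">
    <MOREINFO HREF="http://example.invalid/" />
  </BANNER>
  <ENTRY><REF HREF="mms://example.invalid/clip.asf" /></ENTRY>
</ASX>"""
OVERSIZED = BENIGN.replace("banner.gif", "a" * 5000)
UNTERMINATED = ('<asx version="3.0">\n<banner href="http://example.invalid/'
                + "a" * 2000)

if __name__ == "__main__":
    for name, sample in [("benign", BENIGN), ("oversized", OVERSIZED),
                         ("unterminated", UNTERMINATED)]:
        print(name, scan_asx(sample))
```

A filter like this suits a mail or web gateway that inspects .ASX attachments and downloads; it does not replace the vendor fix referenced in the Solution field.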
|
Impact:
A remote user can cause the Media Player to execute arbitrary code on the Media Player's host.
|
Solution:
CIAC has issued a bulletin; see the Source Message for its text. The vendor has issued a fix; see the Message History for more information on the fix.
|
Vendor URL: www.microsoft.com/technet/security/
|
Cause:
Boundary error
|
Underlying OS: Windows (Me), Windows (NT), Windows (95), Windows (98), Windows (2000)
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Subject: CIAC Bulletin L-089: Windows Unchecked Buffer in Media Player .ASX Processor
|
[For Public Release]
-----BEGIN PGP SIGNED MESSAGE-----
__________________________________________________________
The U.S. Department of Energy
Computer Incident Advisory Center
__________________________________________________________
INFORMATION BULLETIN
Windows Unchecked Buffer in Media Player .ASX Processor
[Microsoft MS01-029]
May 25, 2001 21:00 GMT Number L-089
______________________________________________________________________________
PROBLEM: This addresses 2 vulnerabilities: the code parsing .ASX files
has an unchecked buffer, enabling a malicious user to
run code of her choice. Secondly, Windows Media Player has a
flaw in saving Internet shortcuts to the user's Temporary Files
folder with a fixed known filename.
PLATFORM: Windows Media Player 6.4 and 7
DAMAGE: Unauthorized disclosure, and/or limited executing code of
choice.
SOLUTION: Apply the patches as described below.
______________________________________________________________________________
VULNERABILITY ASSESSMENT: MEDIUM. In the first, the attacker can run only limited code,
and in the second, the attacker would need to know the exact
name of each file to be read, and could not modify the file.
______________________________________________________________________________
[****** Start Microsoft Advisory ******]
http://www.ciac.org/ciac/bulletins/l-089.shtml
[****** End Microsoft Advisory ******]