Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Multimedia)  >   Windows Media Player Vendors:   Microsoft
(CIAC Issues Bulletin L-089) Re: Microsoft Windows Media Player ASX Processing Vulnerability Lets Remote Users Execute Arbitrary Code on the Player's Host System
SecurityTracker Alert ID:  1001652
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 30 2001
Impact:   Execution of arbitrary code via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 6.4, possibly others
Description:   It is reported that the Windows Media Player contains a vulnerability in its processing of certain ASX tags that allows a remote user to cause the Media Player client to execute arbitrary code on the client's host.

It is reported that the processing of the HREF attribute of the BANNER tag contains a buffer overflow that can be used to smash the stack. The vulnerability reportedly exists in certain versions of DXMASF.DLL. This allows a remote user to create a malicious ASX file and deliver it to the intended victim via a web page or via an HTML-based e-mail message.

The Source Message contains some additional information as well as an encoded version of a demonstration exploit ASX file.

Impact:   A remote user can cause the Media Player to execute arbitrary code on the Media Player's host.
Solution:   CIAC issues a bulletin. See the Source Message for the bulletin. The vendor has issued a fix. See the Message History for more information on the fix.
Vendor URL: (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Me), Windows (NT), Windows (95), Windows (98), Windows (2000)

Message History:   This archive entry is a follow-up to the message listed below.
May 2 2001 Microsoft Windows Media Player ASX Processing Vulnerability Lets Remote Users Execute Arbitrary Code on the Player's Host System

 Source Message Contents

Subject:  CIAC Bulletin L-089: Windows Unchecked Buffer in Media Player .ASX Processor

[For Public Release]


                       The U.S. Department of Energy
                     Computer Incident Advisory Center
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___

                             INFORMATION BULLETIN

            Windows Unchecked Buffer in Media Player .ASX Processor
                              [Microsoft MS01-029]

May 25, 2001 21:00 GMT                                            Number L-089
PROBLEM:       This addresses 2 vulnerabilities: the code parsing .ASX files
               has an unchecked buffer, enabling a malicious user to
               run code of her choice. Secondly, Windows Media Player has a
               flaw in saving Internet shortcuts to the user's Temporary Files
               folder with a fixed known filename.
PLATFORM:      Windows Media Player 6.4 and 7
DAMAGE:        Unauthorized disclosure, and/or limited executing code of
SOLUTION:      Apply the patches as described below.
VULNERABILITY  MEDIUM. In the first, the attacker can run only limited code,
ASSESSMENT:    and in the second, the attacker would need to know the exact
               name of each file to be read, and could not modify the file.

[****** Start Microsoft Advisory ******]

[****** End Microsoft Advisory ******]

Version: 4.0 Business Edition


This message was posted through the FIRST mailing list server.  If you
wish to unsubscribe from this mailing list, send the message body of
"unsubscribe first-info" to first-majordomo@FIRST.ORG


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC