SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   Windows Media Player Vendors:   Microsoft
(CIAC Issues Bulletin L-089) Re: Microsoft Windows Media Player ASX Processing Vulnerability Lets Remote Users Execute Arbitrary Code on the Player's Host System
SecurityTracker Alert ID:  1001652
SecurityTracker URL:  http://securitytracker.com/id/1001652
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 30 2001
Impact:   Execution of arbitrary code via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 6.4, possibly others
Description:   It is reported that the Windows Media Player contains a vulnerability in its processing of certain ASX tags that allows a remote user to cause the Media Player client to execute arbitrary code on the client's host.

It is reported that the processing of the HREF attribute of the BANNER tag contains a buffer overflow that can be used to smash the stack. The vulnerability reportedly exists in certain versions of DXMASF.DLL. This allows a remote user to create a malicious ASX file and deliver it to the intended victim via a web page or via an HTML-based e-mail message.

The Source Message contains some additional information as well as an encoded version of a demonstration exploit ASX file.

Impact:   A remote user can cause the Media Player to execute arbitrary code on the Media Player's host.
Solution:   CIAC issues a bulletin. See the Source Message for the bulletin. The vendor has issued a fix. See the Message History for more information on the fix.
Vendor URL:  www.microsoft.com/technet/security/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Me), Windows (NT), Windows (95), Windows (98), Windows (2000)

Message History:   This archive entry is a follow-up to the message listed below.
May 2 2001 Microsoft Windows Media Player ASX Processing Vulnerability Lets Remote Users Execute Arbitrary Code on the Player's Host System



 Source Message Contents

Subject:  CIAC Bulletin L-089: Windows Unchecked Buffer in Media Player .ASX Processor


[For Public Release]
-----BEGIN PGP SIGNED MESSAGE-----


             __________________________________________________________

                       The U.S. Department of Energy
                     Computer Incident Advisory Center
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

            Windows Unchecked Buffer in Media Player .ASX Processor
                              [Microsoft MS01-029]

May 25, 2001 21:00 GMT                                            Number L-089
______________________________________________________________________________
PROBLEM:       This addresses 2 vulnerabilities: the code parsing .ASX files
               has an unchecked buffer, enabling a malicious user to
               run code of her choice. Secondly, Windows Media Player has a
               flaw in saving Internet shortcuts to the user's Temporary Files
               folder with a fixed known filename.
PLATFORM:      Windows Media Player 6.4 and 7
DAMAGE:        Unauthorized disclosure, and/or limited executing code of
               choice.
SOLUTION:      Apply the patches as described below.
______________________________________________________________________________
VULNERABILITY  MEDIUM. In the first, the attacker can run only limited code,
ASSESSMENT:    and in the second, the attacker would need to know the exact
               name of each file to be read, and could not modify the file.
______________________________________________________________________________

[****** Start Microsoft Advisory ******]

http://www.ciac.org/ciac/bulletins/l-089.shtml

[****** End Microsoft Advisory ******]


-----BEGIN PGP SIGNATURE-----
Version: 4.0 Business Edition

iQCVAwUBOxQaw7nzJzdsy3QZAQG55gP+N+LE6c/XiRMPG+Zq7GwrW3P78Ggxa41M
pEjA41Np4Vlx+QwyyVRduVnB1ZaKVH5EvZNH7tqtaran0exGdLgkauuzuA0+QKQN
oTogpRQcJC6zkdx12IwjXmot1dqzNGAsgJp7ibiAAGAufnCXynMpWNajFxJVWPsP
4X2tCdRkFj8=
=3s4a
-----END PGP SIGNATURE-----

-+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+
This message was posted through the FIRST mailing list server.  If you
wish to unsubscribe from this mailing list, send the message body of
"unsubscribe first-info" to first-majordomo@FIRST.ORG
-+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC