Windows Media Player Skin File Header Processing Bugs Let Remote Users Execute Arbitrary Code
|
SecurityTracker Alert ID: 1018565 |
SecurityTracker URL: http://securitytracker.com/id/1018565
|
CVE Reference:
CVE-2007-3035, CVE-2007-3037
|
Updated: Aug 13 2008
|
Original Entry Date: Aug 14 2007
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 7.1, 9, 10, 11
|
Description:
A vulnerability was reported in Windows Media Player. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a skin file with a specially crafted header that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.
One vulnerability occurs when decompressing skin files and another occurs when parsing skin files.
Skin files are distributed in WMZ and WMD files.
The vendor was notified of one vulnerability on March 19, 2007 and another on May 22, 2007.
Piotr Bania and TippingPoint reported this vulnerability.
|
Impact:
A remote user can create a skin file that, when loaded by the target user, will execute arbitrary code on the target user's system.
|
Solution:
The vendor has issued the following fixes:
Windows 2000 Service Pack 4, Windows Media Player 7.1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9f46b1fc-ee7b-437f-9492-67d003711021
Windows 2000 Service Pack 4, Windows Media Player 9:
http://www.microsoft.com/downloads/details.aspx?FamilyId=bd4a6474-5fde-415e-840e-7d973cb71c95
Windows XP Service Pack 2, Windows Media Player 9:
http://www.microsoft.com/downloads/details.aspx?FamilyId=bd4a6474-5fde-415e-840e-7d973cb71c95
Windows XP Service Pack 3, Windows Media Player 9:
http://www.microsoft.com/downloads/details.aspx?FamilyId=bd4a6474-5fde-415e-840e-7d973cb71c95
Windows XP Service Pack 2, Windows Media Player 10:
http://www.microsoft.com/downloads/details.aspx?FamilyId=48f5a9d3-b859-4cb6-a68e-abde76a14782
Windows XP Service Pack 3, Windows Media Player 10:
http://www.microsoft.com/downloads/details.aspx?FamilyId=48f5a9d3-b859-4cb6-a68e-abde76a14782
Windows XP Professional X64 Edition, Windows Media Player 10:
http://www.microsoft.com/downloads/details.aspx?FamilyId=949580be-cbb3-4271-8ca0-0ead7f2d8801
Windows XP Professional X64 Edition Service Pack 2, Windows Media Player 10:
http://www.microsoft.com/downloads/details.aspx?FamilyId=949580be-cbb3-4271-8ca0-0ead7f2d8801
Windows Server 2003 Service Pack 1, Windows Media Player 10:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8d9f1fdf-6d4c-44d4-9b5f-bdbe8ac28d7f
Windows Server 2003 Service Pack 2, Windows Media Player 10:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8d9f1fdf-6d4c-44d4-9b5f-bdbe8ac28d7f
Windows Server 2003 x64 Edition, Windows Media Player 10:
http://www.microsoft.com/downloads/details.aspx?FamilyId=2c04c7f2-728e-43bd-8574-26e411fcd129
Windows Server 2003 x64 Edition Service Pack 2, Windows Media Player 10:
http://www.microsoft.com/downloads/details.aspx?FamilyId=2c04c7f2-728e-43bd-8574-26e411fcd129
Windows XP Service Pack 2, Windows Media Player 11:
http://www.microsoft.com/downloads/details.aspx?FamilyId=a690d042-1137-4aaf-bd0e-565ea04d1f2b
Windows XP Service Pack 3, Windows Media Player 11:
http://www.microsoft.com/downloads/details.aspx?FamilyId=a690d042-1137-4aaf-bd0e-565ea04d1f2b
Windows XP Professional X64 Edition, Windows Media Player 11:
http://www.microsoft.com/downloads/details.aspx?FamilyId=bdc89f34-c1ff-46ab-b52d-c02d51c5c373
Windows XP Professional X64 Edition Service Pack 2, Windows Media Player 11:
http://www.microsoft.com/downloads/details.aspx?FamilyId=bdc89f34-c1ff-46ab-b52d-c02d51c5c373
Windows Vista, Windows Media Player 11:
http://www.microsoft.com/downloads/details.aspx?FamilyId=80e5167c-4f75-4ce3-8b15-2f50958deec8
Windows Vista x64 Edition, Windows Media Player 11:
http://www.microsoft.com/downloads/details.aspx?FamilyId=bf30b714-d6e7-47ea-b79e-84c18370a661
A restart is not required.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms07-047.mspx
|
Vendor URL: www.microsoft.com/technet/security/bulletin/ms07-047.mspx
|
Cause:
Access control error
|
Underlying OS: Windows (Any)