SecurityTracker.com
Category:   Application (Multimedia)  >   Windows Media Player
Vendors:   Microsoft
Windows Media Player Skin File Header Processing Bugs Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1018565
SecurityTracker URL:  http://securitytracker.com/id/1018565
CVE Reference:   CVE-2007-3035, CVE-2007-3037
Updated:  Aug 13 2008
Original Entry Date:  Aug 14 2007
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 7.1, 9, 10, 11
Description:   A vulnerability was reported in Windows Media Player. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a skin file with a specially crafted header that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

One vulnerability occurs when decompressing skin files and another occurs when parsing skin files.

Skin files are distributed in WMZ and WMD files.

The vendor was notified of one vulnerability on March 19, 2007 and another on May 22, 2007.

Piotr Bania and TippingPoint reported this vulnerability.

Impact:   A remote user can create a skin file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued the following fixes:

Windows 2000 Service Pack 4, Windows Media Player 7.1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=9f46b1fc-ee7b-437f-9492-67d003711021

Windows 2000 Service Pack 4, Windows Media Player 9:

http://www.microsoft.com/downloads/details.aspx?FamilyId=bd4a6474-5fde-415e-840e-7d973cb71c95

Windows XP Service Pack 2, Windows Media Player 9:

http://www.microsoft.com/downloads/details.aspx?FamilyId=bd4a6474-5fde-415e-840e-7d973cb71c95

Windows XP Service Pack 3, Windows Media Player 9:

http://www.microsoft.com/downloads/details.aspx?FamilyId=bd4a6474-5fde-415e-840e-7d973cb71c95

Windows XP Service Pack 2, Windows Media Player 10:

http://www.microsoft.com/downloads/details.aspx?FamilyId=48f5a9d3-b859-4cb6-a68e-abde76a14782

Windows XP Service Pack 3, Windows Media Player 10:

http://www.microsoft.com/downloads/details.aspx?FamilyId=48f5a9d3-b859-4cb6-a68e-abde76a14782

Windows XP Professional X64 Edition, Windows Media Player 10:

http://www.microsoft.com/downloads/details.aspx?FamilyId=949580be-cbb3-4271-8ca0-0ead7f2d8801

Windows XP Professional X64 Edition Service Pack 2, Windows Media Player 10:

http://www.microsoft.com/downloads/details.aspx?FamilyId=949580be-cbb3-4271-8ca0-0ead7f2d8801

Windows Server 2003 Service Pack 1, Windows Media Player 10:

http://www.microsoft.com/downloads/details.aspx?FamilyId=8d9f1fdf-6d4c-44d4-9b5f-bdbe8ac28d7f

Windows Server 2003 Service Pack 2, Windows Media Player 10:

http://www.microsoft.com/downloads/details.aspx?FamilyId=8d9f1fdf-6d4c-44d4-9b5f-bdbe8ac28d7f

Windows Server 2003 x64 Edition, Windows Media Player 10:

http://www.microsoft.com/downloads/details.aspx?FamilyId=2c04c7f2-728e-43bd-8574-26e411fcd129

Windows Server 2003 x64 Edition Service Pack 2, Windows Media Player 10:

http://www.microsoft.com/downloads/details.aspx?FamilyId=2c04c7f2-728e-43bd-8574-26e411fcd129

Windows XP Service Pack 2, Windows Media Player 11:

http://www.microsoft.com/downloads/details.aspx?FamilyId=a690d042-1137-4aaf-bd0e-565ea04d1f2b

Windows XP Service Pack 3, Windows Media Player 11:

http://www.microsoft.com/downloads/details.aspx?FamilyId=a690d042-1137-4aaf-bd0e-565ea04d1f2b

Windows XP Professional X64 Edition, Windows Media Player 11:

http://www.microsoft.com/downloads/details.aspx?FamilyId=bdc89f34-c1ff-46ab-b52d-c02d51c5c373

Windows XP Professional X64 Edition Service Pack 2, Windows Media Player 11:

http://www.microsoft.com/downloads/details.aspx?FamilyId=bdc89f34-c1ff-46ab-b52d-c02d51c5c373

Windows Vista, Windows Media Player 11:

http://www.microsoft.com/downloads/details.aspx?FamilyId=80e5167c-4f75-4ce3-8b15-2f50958deec8

Windows Vista x64 Edition, Windows Media Player 11:

http://www.microsoft.com/downloads/details.aspx?FamilyId=bf30b714-d6e7-47ea-b79e-84c18370a661

A restart is not required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms07-047.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms07-047.mspx
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.

