[PCWorks] Windows Media Player ASF Processing Vulnerability

  • From: "Clint Hamilton-PCWorks Admin" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
  • To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
  • Date: Wed, 14 Oct 2009 06:14:38 -0500

TITLE:
Microsoft Windows Media Player ASF Processing Vulnerability

Critical:  Highly critical
Impact:  System access
Where:  From remote

SECUNIA ADVISORY ID: SA36944

VERIFY ADVISORY:
http://secunia.com/advisories/36944/

DESCRIPTION:
A vulnerability has been reported in Microsoft Windows Media 
Player,
which can be exploited by malicious people to compromise a 
user's
system.

The vulnerability is caused due to an unspecified error in the
processing of ASF files. This can be exploited to cause a 
heap-based
buffer overflow via a specially crafted ASF file.

Successful exploitation allows execution of arbitrary code.

SOLUTION:
Apply patches.

Microsoft Windows 2000 SP4 with Windows Media Player 6.4:
http://www.microsoft.com/downloads/details.aspx?familyid=13035ef7-7e47-487c-8b7c-7795d33ce7de

Windows XP SP2/SP3 with Windows Media Player 6.4:
http://www.microsoft.com/downloads/details.aspx?familyid=b2efe1ac-d8d7-41bb-b87d-fc5e22afef0f

Windows XP Professional x64 Edition SP2 with Windows Media 
Player 6.4:
http://www.microsoft.com/downloads/details.aspx?familyid=a9e7dfd8-7ba1-4f14-8e60-92ef00d91467

Windows Server 2003 SP2 with Windows Media Player 6.4:
http://www.microsoft.com/downloads/details.aspx?familyid=5f82d01c-573e-425e-b9f2-86a54f377b19

Windows Server 2003 x64 Edition SP2 with Windows Media Player 
6.4:
http://www.microsoft.com/downloads/details.aspx?familyid=65e9036e-2e1b-40ff-a84b-c507107bcce8

ORIGINAL ADVISORY:
Microsoft (KB974112):
http://www.microsoft.com/technet/security/Bulletin/MS09-052.mspx


=========================
The list's FAQ's can be seen by sending an email to 
PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line.

To unsubscribe, subscribe, set Digest or Vacation to on or off, go to 
//www.freelists.org/list/pcworks .  You can also send an email to 
PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line.  Your 
member list settings can be found at 
//www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks .  Once logged in, you have 
access to numerous other email options.  

The list archives are located at //www.freelists.org/archives/pcworks/ .  
All email posted to the list will be placed there in the event anyone needs to 
look for previous posts.
-zxdjhu-

Other related posts:

  • » [PCWorks] Windows Media Player ASF Processing Vulnerability - Clint Hamilton-PCWorks Admin
  1. Home
  2. pcworks
  3. Archive
  4. 10-2009