TITLE:
Microsoft Windows Media Runtime Code Execution Vulnerability

Critical: Highly critical
Impact: System access
Where: From remote

SECUNIA ADVISORY ID:
SA36938

VERIFY ADVISORY:
http://secunia.com/advisories/36938/

DESCRIPTION:
Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.

1) An unspecified error in Windows Media Runtime within the processing of Advanced Systems Format (ASF) files can be exploited to execute arbitrary code e.g. when a user opens a specially crafted audio file.

2) A vulnerability is caused due to Microsoft Windows Media Runtime not properly initialising certain functions when processing compressed audio files. This can be exploited to corrupt memory when a user opens a specially crafted media file or receives specially crafted streaming content from a web site.

Successful exploitation allows execution of arbitrary code.

SOLUTION:
Apply patches.

Microsoft Windows 2000 SP4 with DirectShow WMA Voice Codec:
http://www.microsoft.com/downloads/details.aspx?familyid=4fe0dff5-04d9-4409-8d1d-52419537126b

Microsoft Windows 2000 SP4 with Windows Media Audio Voice Decoder:
http://www.microsoft.com/downloads/details.aspx?familyid=8f850a82-61f9-447b-a0aa-a2c192cc5d2e

Microsoft Windows 2000 SP4 with Audio Compression Manager:
http://www.microsoft.com/downloads/details.aspx?familyid=6dfd5405-cabe-4bd7-9330-b6bde1d99194

Windows XP SP2 / SP3 with DirectShow WMA Voice Codec:
http://www.microsoft.com/downloads/details.aspx?familyid=4fe0dff5-04d9-4409-8d1d-52419537126b

Windows XP SP2 with Windows Media Audio Voice Decoder:
http://www.microsoft.com/downloads/details.aspx?familyid=4516c219-e357-485e-a52b-23dcb8ee49d8

Windows XP SP2 / SP3 with Audio Compression Manager:
http://www.microsoft.com/downloads/details.aspx?familyid=6ecc7129-8caa-4daf-a8e2-8f3536225fb3

Windows XP Service Pack 3 with Windows Media Audio Voice Decoder:
http://www.microsoft.com/downloads/details.aspx?familyid=746d3440-5a6a-421e-9286-7b534a1dfe54

Windows XP Professional x64 Edition SP2 with DirectShow WMA Voice Codec:
http://www.microsoft.com/downloads/details.aspx?familyid=c116ae9d-e416-4b7d-be75-4b4b2ebcc33a

Windows XP Professional x64 Edition SP2 with Windows Media Audio Voice Decoder:
http://www.microsoft.com/downloads/details.aspx?familyid=4729de51-8fd8-46c6-b4ad-9c9f25202684

Windows XP Professional x64 Edition SP2 with Windows Media Audio Voice Decoder in Windows Media Format SDK 9.5 x64 Edition:
http://www.microsoft.com/downloads/details.aspx?familyid=fe0d51b2-345e-4eb7-a036-d8c3f6a683d2

Windows XP Professional x64 Edition SP2 with Windows Media Audio Voice Decoder in Windows Media Format SDK 11:
http://www.microsoft.com/downloads/details.aspx?familyid=a866a490-6d3a-4ecd-acf4-770312ba2fd6

Windows XP Professional x64 Edition SP2 with Audio Compression Manager:
http://www.microsoft.com/downloads/details.aspx?familyid=46daf7c7-1cd3-4f47-9c7a-d5eb6ea7327b

Windows Server 2003 SP 2 with DirectShow WMA Voice Codec:
http://www.microsoft.com/downloads/details.aspx?familyid=4fe0dff5-04d9-4409-8d1d-52419537126b

Windows Server 2003 SP 2 with Windows Media Audio Voice Decoder:
http://www.microsoft.com/downloads/details.aspx?familyid=00b3cb86-c9eb-4fbe-987e-2b0d94271d87

Windows Server 2003 SP 2 with Audio Compression Manager:
http://www.microsoft.com/downloads/details.aspx?familyid=ab1803ff-2371-487f-a7b6-95747c46ba4e

Windows Server 2003 x64 Edition SP2 with DirectShow WMA Voice Codec:
http://www.microsoft.com/downloads/details.aspx?familyid=c116ae9d-e416-4b7d-be75-4b4b2ebcc33a

Windows Server 2003 x64 Edition SP2 with Windows Media Audio Voice Decoder:
http://www.microsoft.com/downloads/details.aspx?familyid=13ba4839-7fa9-4bbb-95f6-3fafb6c49f20

Windows Server 2003 x64 Edition SP2 with Windows Media Audio Voice Decoder in Windows Media Format SDK 9.5 x64 Edition:
http://www.microsoft.com/downloads/details.aspx?familyid=fe0d51b2-345e-4eb7-a036-d8c3f6a683d2

Windows Server 2003 x64 Edition SP2 with Audio Compression Manager:
http://www.microsoft.com/downloads/details.aspx?familyid=46daf7c7-1cd3-4f47-9c7a-d5eb6ea7327b

Windows Vista, Windows Vista SP1 / SP2 with Windows Media Audio Voice Decoder:
http://www.microsoft.com/downloads/details.aspx?familyid=f17ee0ea-f1e2-49f4-9f90-60296246ddfe

Windows Vista x64 Edition, Windows Vista x64 Edition SP1 / SP2 with Windows Media Audio Voice Decoder:
http://www.microsoft.com/downloads/details.aspx?familyid=26905f12-92c7-4d45-99e7-227f03d2cb82

Windows Server 2008 for 32-bit Systems (optionally with SP2) with Windows Media Audio Voice Decoder:
http://www.microsoft.com/downloads/details.aspx?familyid=2eaa9857-a147-4f31-9bf4-b9e2cf4c15c3

Windows Server 2008 for x64-based Systems (optionally with SP2) with Windows Media Audio Voice Decoder:
http://www.microsoft.com/downloads/details.aspx?familyid=70aabba3-53d6-4b52-be83-6d3f3869ecbd

ORIGINAL ADVISORY:
MS09-051 (KB975682, KB969878, KB954155, KB975025):
http://www.microsoft.com/technet/security/bulletin/MS09-051.mspx