Vulnerabilità Windows Media Player

**thomas_anderson** · 15-02-2006, 08:23

Un'altra:

TITLE:
Windows Media Player Bitmap File Processing Vulnerability

SECUNIA ADVISORY ID:
SA18835

VERIFY ADVISORY:
http://secunia.com/advisories/18835/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Microsoft Windows Media Player 7.x
http://secunia.com/product/1084/
Microsoft Windows Media Player 10.x
http://secunia.com/product/4208/
Microsoft Windows Media Player 8.x
http://secunia.com/product/1535/
Microsoft Windows Media Player 9.x
http://secunia.com/product/1085/

DESCRIPTION:
A vulnerability has been reported in Windows Media Player, which can
be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the
processing of bitmap files (.bmp) and can be exploited to cause a
buffer overflow via a specially crafted bitmap file.

Successful exploitation allows execution of arbitrary code when a
user e.g. visits a malicious web site, opens a malicious bitmap file
(Windows Media Player is not the default handler for bitmap files),
or opens a file (e.g. Word document) containing a malicious Windows
Media Player (.wmp) image.

The following supported products and product combinations are NOT
vulnerable:
* Windows Media Player 6.4
* Windows Media Player 10 on Windows Server 2003 SP1
* Windows XP Professional x64 Edition
* Windows Server 2003 (with or without SP1) for Itanium-based
systems
* Microsoft Windows Server 2003 x64 Edition

SOLUTION:
Apply patch.

Windows Media Player for XP on Windows XP SP1:
http://www.microsoft.com/downloads/d...244D-4036-B98C
-E951CBA7E9BA

Windows Media Player 9 on Windows XP SP2:
http://www.microsoft.com/downloads/d...04F7-4DA8-A0EF
-1797B52D0B4B

Windows Media Player 9 on Windows Server 2003:
http://www.microsoft.com/downloads/d...04F7-4DA8-A0EF
-1797B52D0B4B

Windows Media Player 7.1 on Windows 2000 SP4:
http://www.microsoft.com/downloads/d...1242-4E55-B3D4
-8377B83257C6

Windows Media Player 9 on Windows 2000 SP4 / Windows XP SP1:
http://www.microsoft.com/downloads/d...04F7-4DA8-A0EF
-1797B52D0B4B

Windows Media Player 10 on Windows XP SP1 / SP2:
http://www.microsoft.com/downloads/d...9382-4F2E-A624
-D2316A96B411

Windows 98, Windows 98 SE, and Windows ME:
Patches are available via the Windows Update web site.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Marc Maiffret, eEye.

ORIGINAL ADVISORY:
MS06-005 (KB911565):
http://www.microsoft.com/technet/sec.../MS06-005.mspx

**thomas_anderson** · 15-02-2006, 09:05

TITLE:
Windows Media Player Plug-in EMBED Element Processing Vulnerability

SECUNIA ADVISORY ID:
SA18852

VERIFY ADVISORY:
http://secunia.com/advisories/18852/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
>From remote

OPERATING SYSTEM:
Microsoft Windows XP Professional
http://secunia.com/product/22/
Microsoft Windows XP Home Edition
http://secunia.com/product/16/
Microsoft Windows Server 2003 Web Edition
http://secunia.com/product/1176/
Microsoft Windows Server 2003 Standard Edition
http://secunia.com/product/1173/
Microsoft Windows Server 2003 Enterprise Edition
http://secunia.com/product/1174/
Microsoft Windows Server 2003 Datacenter Edition
http://secunia.com/product/1175/
Microsoft Windows 2000 Server
http://secunia.com/product/20/
Microsoft Windows 2000 Professional
http://secunia.com/product/1/
Microsoft Windows 2000 Datacenter Server
http://secunia.com/product/1177/
Microsoft Windows 2000 Advanced Server
http://secunia.com/product/21/

DESCRIPTION:
A vulnerability has been reported in Windows Media Player plug-in,
which can be exploited by malicious people to compromise a user's
system.

The vulnerability is caused due to a boundary error within the
handling of malformed EMBED elements and can be exploited to cause a
buffer overflow via e.g. a malicious web site containing a specially
crafted EMBED element.

Successful exploitation allows execution of arbitrary code.

NOTE: The vulnerability does not affect users of Internet Explorer.

SOLUTION:
Apply patches.

Microsoft Windows 2000 SP4:
http://www.microsoft.com/downloads/d...A-BB8570A7321C

Microsoft Windows XP SP1 / Microsoft Windows XP SP2:
http://www.microsoft.com/downloads/d...A-BB8570A7321C

Microsoft Windows Server 2003 and Microsoft Windows Server 2003 SP1:
http://www.microsoft.com/downloads/d...A-BB8570A7321C

Microsoft Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/d...A-84838BEE151C

Microsoft Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/d...1-4F98FED9FBA6

PROVIDED AND/OR DISCOVERED BY:
The vendor credits John Cobb, iDefense.

ORIGINAL ADVISORY:
MS06-006 (KB911564):
http://www.microsoft.com/technet/sec.../MS06-006.mspx

----------------------------------------------------------------------

Discussione: Vulnerabilità Windows Media Player

Strumenti discussione

Ricerca discussione

Visualizza

Vulnerabilità Windows Media Player

Vulnerabilità n° 2

Permessi di invio