TITLE: Windows Media Player Bitmap File Processing Vulnerability SECUNIA ADVISORY ID: SA18835
VERIFY ADVISORY: http://secunia.com/advisories/18835/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Microsoft Windows Media Player 7.x http://secunia.com/product/1084/ Microsoft Windows Media Player 10.x http://secunia.com/product/4208/ Microsoft Windows Media Player 8.x http://secunia.com/product/1535/ Microsoft Windows Media Player 9.x http://secunia.com/product/1085/ DESCRIPTION: A vulnerability has been reported in Windows Media Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the processing of bitmap files (.bmp) and can be exploited to cause a buffer overflow via a specially crafted bitmap file. Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious web site, opens a malicious bitmap file (Windows Media Player is not the default handler for bitmap files), or opens a file (e.g. Word document) containing a malicious Windows Media Player (.wmp) image. The following supported products and product combinations are NOT vulnerable: * Windows Media Player 6.4 * Windows Media Player 10 on Windows Server 2003 SP1 * Windows XP Professional x64 Edition * Windows Server 2003 (with or without SP1) for Itanium-based systems * Microsoft Windows Server 2003 x64 Edition SOLUTION: Apply patch. Windows Media Player for XP on Windows XP SP1: http://www.microsoft.com/downloads/details.aspx?FamilyId=110054F2-244D-4036-B98C-E951CBA7E9BA Windows Media Player 9 on Windows XP SP2: http://www.microsoft.com/downloads/details.aspx?FamilyId=8F9EEF16-04F7-4DA8-A0EF-1797B52D0B4B Windows Media Player 9 on Windows Server 2003: http://www.microsoft.com/downloads/details.aspx?FamilyId=8F9EEF16-04F7-4DA8-A0EF-1797B52D0B4B Windows Media Player 7.1 on Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?FamilyId=26A0B9E1-1242-4E55-B3D4-8377B83257C6 Windows Media Player 9 on Windows 2000 SP4 / Windows XP SP1: http://www.microsoft.com/downloads/details.aspx?FamilyId=8F9EEF16-04F7-4DA8-A0EF-1797B52D0B4B Windows Media Player 10 on Windows XP SP1 / SP2: http://www.microsoft.com/downloads/details.aspx?FamilyId=182735E1-9382-4F2E-A624-D2316A96B411 Windows 98, Windows 98 SE, and Windows ME: Patches are available via the Windows Update web site. ORIGINAL ADVISORY: MS06-005 (KB911565): http://www.microsoft.com/technet/security/Bulletin/MS06-005.mspx ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
