TITLE: Windows Media Player Plug-in EMBED Element Processing Vulnerability
SECUNIA ADVISORY ID: SA18852 VERIFY ADVISORY: http://secunia.com/advisories/18852/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote OPERATING SYSTEM: Microsoft Windows XP Professional http://secunia.com/product/22/ Microsoft Windows XP Home Edition http://secunia.com/product/16/ Microsoft Windows Server 2003 Web Edition http://secunia.com/product/1176/ Microsoft Windows Server 2003 Standard Edition http://secunia.com/product/1173/ Microsoft Windows Server 2003 Enterprise Edition http://secunia.com/product/1174/ Microsoft Windows Server 2003 Datacenter Edition http://secunia.com/product/1175/ Microsoft Windows 2000 Server http://secunia.com/product/20/ Microsoft Windows 2000 Professional http://secunia.com/product/1/ Microsoft Windows 2000 Datacenter Server http://secunia.com/product/1177/ Microsoft Windows 2000 Advanced Server http://secunia.com/product/21/ DESCRIPTION: A vulnerability has been reported in Windows Media Player plug-in, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the handling of malformed EMBED elements and can be exploited to cause a buffer overflow via e.g. a malicious web site containing a specially crafted EMBED element. Successful exploitation allows execution of arbitrary code. NOTE: The vulnerability does not affect users of Internet Explorer. SOLUTION: Apply patches. Microsoft Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?FamilyId=CCDD3D35-BE5C-4C43-8FFA-BB8570A7321C Microsoft Windows XP SP1 / Microsoft Windows XP SP2: http://www.microsoft.com/downloads/details.aspx?FamilyId=CCDD3D35-BE5C-4C43-8FFA-BB8570A7321C Microsoft Windows Server 2003 and Microsoft Windows Server 2003 SP1: http://www.microsoft.com/downloads/details.aspx?FamilyId=CCDD3D35-BE5C-4C43-8FFA-BB8570A7321C Microsoft Windows XP Professional x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=165916C2-037E-4EDD-B64A-84838BEE151C Microsoft Windows Server 2003 x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=E3DAAB50-2AC7-49DD-8971-4F98FED9FBA6 ORIGINAL ADVISORY: MS06-006 (KB911564): http://www.microsoft.com/technet/security/Bulletin/MS06-006.mspx ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
