SECUNIA ADVISORY ID: SA22971

VERIFY ADVISORY: http://secunia.com/advisories/22971/

CRITICAL: Highly critical

IMPACT: DoS, System access

SOFTWARE: Microsoft Windows Media Player 10.x - http://secunia.com/product/4208/

DESCRIPTION: sehato has reported a vulnerability in Windows Media Player, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a user's system. The vulnerability is caused due to a boundary error when handling "REF HREF" tags in ASX playlists. This can be exploited to cause a limited heap-based buffer overflow via an overly long string with an invalid URL. Successful exploitation crashes the program and may potentially allow execution of arbitrary code, though this has not currently been proven. The vulnerability is reported in version 10.00.00.4036. Other versions may also be affected.

SOLUTION: Do not open untrusted playlists.

PROVIDED AND/OR DISCOVERED BY: sehato

ORIGINAL ADVISORY: Microsoft: http://blogs.technet.com/msrc/archive/2006/12/07/public-proof-of-concept-code-for-asx-file-format-isssue.aspx