Overview
A buffer overflow vulnerability in Microsoft Windows Media Player may allow remote code execution.
A buffer overflow vulnerability in Microsoft Windows Media Player may allow remote code execution. A remote code execution vulnerability exists in Windows Media Player 6.4. An attacker could exploit the vulnerability by constructing a specially crafted ASF file that could allow remote code execution when played using Windows Media Player 6.4. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Attack VectorMaliciously Crafted File
User Interactionuser interaction is needed
Vendor StatusResponded and patched
Vulnerable Systems
Windows Media Player
6.4,
Timeline
Vendor has provided a patch.
Recommendations
The vendor has released a patch to address this issue:
http://www.microsoft.com/technet/security/bulletin/ms09-052.mspx
Recommendations McAfee Product Mitigation
Additional Resources
(MS09-052) WMP Heap Overflow Vulnerability (974112)
http://www.microsoft.com/technet/security/bulletin/ms09-052.mspx