PDA

View Full Version : Windows Media Player ASX playlist hole (in the wild)


davidh
December 7th, 2006, 07:49 PM
Windows Media Player ASX playlist buffer overflow
Notification Type: IBM Internet Security Systems Protection Alert
Notification Date: Dec. 6, 2006
Notification Version: 1.0

Name: Windows Media Player ASX playlist buffer overflow
Public disclosure/
In the wild date: Dec. 6, 2006
Classification(s): vulnerability, poc (dos only as of Dec 6, 2006)
CVE: CVE-2006-6134
Description:

X-Force is tracking a recently disclosed vulnerability in Microsoft Windows Media Player. Users may be enticed to retrieve a malformed Advanced Stream Redirector (.ASX) file resulting in remote code execution under the security context of the current user.

http://iss.net/threats/241.html

DH