Windows Media Player Reveals A Flaw

Security experts have detected a flaw in 'Microsoft Windows Media Player', which remote hackers can exploit to compromise an affected system or cause a 'denial of service'. The flaw results from a 'buffer overflow' fault in the Windows 'Media Playback/ Authoring library (WMVCORE.DLL)' when handling 'ASX Playlists' having an elongated "REF HREF" tag. The hackers can take advantage of this flawed technique in the system and execute arbitrary commands by luring a user into browsing a specially crafted website.

In a security advisory, 'eEye Research' explains that the 'ASX files' open automatically when made to appear within a Web browser. This allows exploiting the vulnerability through malicious sites or e-mails to enable to run 'arbitrary code' on the system whose user opened the ASX file. 'eEye Research' reports that when clients are the administrators on their local hosts, it results in an even more critical problem because the 'clients' would be running the malicious code within the protective Administrator credentials.

The vulnerability emerged a day after Microsoft found a 'zero-day' flaw in Word that has had 'limited attacks'.

With the appearance of the 'media player flaw', 'Internet Security Systems Inc.' (ISS) based in Atlanta put its 'AlertCon' to Level 2. On its Web site, ISS said that its analysts foresee the possibility of malicious people developing 'exploit code' over this issue. It, therefore, strongly recommends its customers to apply ISS 'product updates'.

A spokesman of Microsoft said in e-mail that the company's initial investigation showed that this 'proof-of-concept' could enable an attacker to run code in the user's 'security context'. He said Microsoft has not yet come across any attempts in exploiting this vulnerability. The company, along with its partners, was on the job of monitoring the situation and will guide the customers as necessary.
When the investigation is over, Microsoft will take necessary action to protect its customers, said the spokesperson. This might mean providing a 'security update' through its 'monthly release process', or an "out of cycle" 'security update', based on the urgency of customers' needs.

The best protection right now is to delete the ASX component or move to another program.

Related article: Windows XP Fault Strike Firewall

» SPAMfighter News - 12/13/2006