Title: Microsoft Windows Media Player .ASF Marker Buffer Overflow Vulnerability
Severity: HIGH
Description:
Windows Media Player is an application used for digital audio, and video content viewing. Media Player supports Advanced Streaming Format (.ASF) files, which enables users to view streaming multimedia content over the Internet.
Media files can be seperated into sections, using a marker to associate each seperate segment. Thus, enabling a user to select a marker (via the Go To bar) and view the related contents of the media file.
A buffer overflow condition exists in Windows Media Player that may allow a remote user to cause a denial of service or execute arbitrary code on a target host. The overflow occurs when an unusually long marker is embedded in an .ASF file.
If a user selects the malicious marker from the Go To Bar, Windows Media Player will crash. It is also possible to overwrite stack variables in a manner that can allow execution of arbitrary code. An attacker may be able to replace a function return address with a pointer to shellcode, which will be executed when the corrupted function returns.
Windows Media Player runs in the security context of the user currently logged on, therefore arbitrary code would be run at the privilege level of that particular user. If random data were entered into the buffer, the application would crash and restarting the application is required in order to regain normal functionality.
The version of Windows Media Player that ships with Windows XP does contain some vulnerable components, users are encouraged to download the Critical Update for Windows XP released October 25, 2001.
Microsoft's advisory mentions that only WMP 6.4 is vulnerable, however, the original discoverer was able to reproduce this issue on WMP 7.0. In addition, Microsoft lists WMP 7.0 and 7.1 as affected packages. Users of WMP 6.4, 7.0 and 7.1 are encouraged to install the patch.
Affected Products:
- Microsoft Windows Media Player 0.0.0XP
- Microsoft Windows Media Player 6.4
- Microsoft Windows Media Player 7.0.0
- Microsoft Windows Media Player 7.1.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
References:
- Microsoft: Microsoft Security Bulletin MS01-056
- Microsoft: Microsoft Technet Security
- Microsoft: Microsoft Windows Update
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
