Title: RETIRED: Microsoft Windows Media Player WAV/MID/SND File Parsing Integer Overflow Vulnerability
Severity: MODERATE
Description:
Microsoft Windows Media Player is a multimedia application available for the Windows operating system.
The application is prone to an integer-overflow vulnerability when handling specially malformed WAV, SND, or MID files. The problem occurs in the DirectShow framework component 'quartz.dll'.
An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file with the vulnerable application. A successful exploit will cause the application to crash. Arbitrary code-execution is not believed to be possible.
NOTE: This BID is being retired because exploits of this issue would have no security impacts.
Affected Products:
- Microsoft Windows Media Player 10.0
- Microsoft Windows Media Player 11
- Microsoft Windows Media Player 9.0
- Microsoft Windows Server 2003 Datacenter Edition
- Microsoft Windows Server 2003 Datacenter Edition Itanium
- Microsoft Windows Server 2003 Enterprise Edition
- Microsoft Windows Server 2003 Enterprise Edition Itanium
- Microsoft Windows Server 2003 Standard Edition
- Microsoft Windows Server 2003 Web Edition
References:
- Microsoft: Questions about Vulnerability Claim in Windows Media Player
- Microsoft: Windows Media Player Product Homepage
- Microsoft: Windows Media Player crash not exploitable for code execution
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
