HTTP: Microsoft Windows Media Player Skin Parsing Code Execution
This signature detects attempts to exploit a known buffer overflow vulnerability in Microsoft Windows Media Player. It is due to insufficient data validation while parsing compressed skin files. A remote attacker can exploit this by enticing the target user to open a crafted WMZ file, potentially causing arbitrary code to be injected and executed in the security context of the current user. In a simple attack case, the affected Windows Media Player can terminate when the malicious file is opened. In a sophisticated attack, where the malicious user is successful in injecting and executing supplied code, the behavior of the system is dependent on the nature of the injected code. Any code injected into the vulnerable component can execute in the security context of the currently logged in user.
Extended Description
Microsoft Windows Media Player is prone to a remote code-execution vulnerability when handling specially crafted skin files. Attackers exploit this issue by coercing unsuspecting users to download and open Windows Media Player skin files (WMZ or WMD files). Note that users must attempt to apply the skin files. Successful exploits allow attackers to execute arbitrary code in the context of the vulnerable application. This facilitates the remote compromise of affected computers.
Affected Products
Microsoft windows_media_player
Short Name
HTTP:STC:DL:WMP-SKIN-PARSE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2007-3037 Code Execution Media Microsoft Parsing Player Skin Windows bid:25305
Release Date
10/14/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Microsoft
Avaya
CVSS Score
4.0