Windows Media Format Runtime ASF Parsing Vulnerability

Posted on Tuesday, December 11, 2007 @ 22:26:51 UTC in Security
by Raven

SECUNIA ADVISORY ID: SA28034

VERIFY ADVISORY: http://secunia.com/advisories/28034/

CRITICAL: Highly critical

IMPACT: System access

OPERATING SYSTEM:
Microsoft Windows XP Professional http://secunia.com/product/22/
Microsoft Windows XP Home Edition http://secunia.com/product/16/
Microsoft Windows Vista http://secunia.com/product/13223/
Microsoft Windows Storage Server 2003 http://secunia.com/product/12399/
Microsoft Windows Server 2003 Web Edition http://secunia.com/product/1176/
Microsoft Windows Server 2003 Standard Edition http://secunia.com/product/1173/
Microsoft Windows Server 2003 Enterprise Edition http://secunia.com/product/1174/
Microsoft Windows Server 2003 Datacenter Edition http://secunia.com/product/1175/
Microsoft Windows 2000 Server http://secunia.com/product/20/
Microsoft Windows 2000 Professional http://secunia.com/product/1/
Microsoft Windows 2000 Datacenter Server http://secunia.com/product/1177/
Microsoft Windows 2000 Advanced Server http://secunia.com/product/21/

SOFTWARE:
Microsoft Windows Media Format Runtime 9.x http://secunia.com/product/16898/
Microsoft Windows Media Format Runtime 7.x http://secunia.com/product/16897/
Microsoft Windows Media Format Runtime 11.x http://secunia.com/product/16899/
Microsoft Windows Media Services 9.x http://secunia.com/product/16900/

DESCRIPTION: A vulnerability has been reported in Windows Media Format Runtime / Windows Media Services, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by an error when parsing ASF (Advanced Systems Format) files and can be exploited when a user views a specially crafted ASF file in an application using the component (e.g. Windows Media Player). Successful exploitation may allow execution of arbitrary code.

SOLUTION: Apply patches.
Windows 2000 SP4 with Windows Media Format Runtime 7.1: http://www.microsoft.com/downloads/details.aspx?FamilyID=eecdf2ce-9aa7-4f0c-b62b-2fa7a32f369e
Windows 2000 SP4 with Windows Media Format Runtime 9: http://www.microsoft.com/downloads/details.aspx?FamilyID=eecdf2ce-9aa7-4f0c-b62b-2fa7a32f369e
Windows XP SP2 with Windows Media Format Runtime 9: http://www.microsoft.com/downloads/details.aspx?FamilyID=bece702a-6e61-433e-8275-20f4e84f2c92
Windows XP SP2 with Windows Media Format Runtime 9.5: http://www.microsoft.com/downloads/details.aspx?FamilyID=bece702a-6e61-433e-8275-20f4e84f2c92
Windows XP Professional x64 Edition (optionally with SP2) with Windows Media Format Runtime 9.5: http://www.microsoft.com/downloads/details.aspx?FamilyID=81f20b45-dfc7-4ddf-a4b4-6c0e9476ed51
Windows Server 2003 SP1/SP2 with Windows Media Format Runtime 9.5: http://www.microsoft.com/downloads/details.aspx?FamilyID=8fea7da8-a7f3-4786-97c2-fb5ea7018159
Windows Server 2003 x64 Edition (optionally with SP2) with Windows Media Format Runtime 9.5: http://www.microsoft.com/downloads/details.aspx?FamilyID=ffc69c76-02f1-4b15-8ec1-dab8c7e33bd4
Windows XP Professional x64 Edition (optionally with SP2) with Windows Media Format Runtime 9.5 x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyID=72d2ca0e-da81-45ee-9321-4970b80f4a5a
Windows Server 2003 x64 Edition (optionally with SP2) with Windows Media Format Runtime 9.5 x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyID=ffc69c76-02f1-4b15-8ec1-dab8c7e33bd4
Windows XP SP2 with Windows Media Format Runtime 11: http://www.microsoft.com/downloads/details.aspx?FamilyID=bece702a-6e61-433e-8275-20f4e84f2c92
Windows XP Professional x64 Edition (optionally with SP2) with Windows Media Format Runtime 11: http://www.microsoft.com/downloads/details.aspx?FamilyID=1037b224-ac89-4efd-b189-6f3da77a88e6
Windows Vista with Windows Media Format Runtime 11: http://www.microsoft.com/downloads/details.aspx?FamilyID=9a98ef96-bc2e-42b7-9a24-c82c8fb379db
Windows Vista x64 Edition with Windows Media Format Runtime 11: http://www.microsoft.com/downloads/details.aspx?FamilyID=3ce02c95-d695-4f14-9fb3-30c83a9cfb9c
Windows Server 2003 SP1/SP2 with Windows Media Services 9.1: http://www.microsoft.com/downloads/details.aspx?FamilyID=096711d4-ce01-45d0-9c2d-ebfa5c671b9f
Windows Server 2003 x64 Edition (optionally with SP2) with Windows Media Services 9.1 x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyID=23c23800-5aaa-455b-96bf-4ead4dfdd95d

PROVIDED AND/OR DISCOVERED BY: The vendor credits Ryan Smith, ISS X-Force.

ORIGINAL ADVISORY: MS07-068 (KB941569 / KB944275): http://www.microsoft.com/technet/security/Bulletin/MS07-068.mspx
 
 