HOME > VULNERABILITY NOTES


   VULNERABILITY NOTES

CERT-In Vulnerability Note CIVN-2006-132
Microsoft Windows Media Format Remote Code execution Vulnerability

Original Issue Date: December 13, 2006

Severity Rating: High

Systems Affected

  • Microsoft Windows Media Player v9.x
  • Microsoft Windows Media Format v7.x
  • Microsoft Windows Media Player v6.x

Overview

Two vulnerabilities have been reported in Microsoft Windows Media Player which could be exploited by an attacker to take complete control of the system.

Description

1. Microsoft Windows Media Player ASX Playlist Heap Overflow Vulnerability (CVE-2006-6134)

ASX (Advanced Stream Redirector) format is a type of XML metafile designed to store a list of Windows Media files to play during a multimedia presentation.

The vulnerability is caused due to heap overflow error while handling “REF HREF” URLs within ASX files by Windows Media Playback/Authoring library (WMVCORE.DLL). (For details refer to CIVN-2006-126)

2. Windows Media Format ASF Parsing Vulnerability – (CVE-2006-4702)

The Microsoft Windows Media Format Runtime provides information and tools for applications which uses Windows Media content. ASF (Advanced Systems Format) is a file format that stores audio and video information and is specially designed to run over networks like the Internet.

The vulnerability caused due to buffer overflow error in ASF files while handled by Windows Media Format Runtime.

The attacker could exploit these vulnerabilities by creating and hosting specially crafted malicious web pages and persuading users to visit the website typically by getting them click on a link. Successful exploitation allows an attacker to execute arbitrary code under the privileges of user of the affected system and gives complete control of the system if user has logged in with administrative privileges.

Workarounds

  • Upgrade to Microsoft Windows Media Player 11.
  • Disable Windows Media Player from auto-opening .ASX files

Solution

Apply appropriate patches as mentioned in Microsoft Security Bulletin MS06-078

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/bulletin/ms06-078.mspx

References

eEye deigital Security
http://research.eeye.com/html/alerts/zeroday/20061122.html

USCERT
http://www.us-cert.gov/current/index.html#0mswmp

CVE Name
CVE-2006-6134
CVE-2006-4702

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003