HOME > VULNERABILITY NOTES


   VULNERABILITY NOTES

CERT-In Vulnerability Note CIVN-2006-47
Windows Media Player Remote Code Execution Vulnerability

Original Issue Date: June 14, 2006

Severity Rating: High

Systems Affected

  • Windows Media Player for XP on Microsoft Windows XP Service Pack 1
  • Windows Media Player 9 on Microsoft Windows XP Service Pack 2
  • Windows Media Player 10 on Microsoft Windows XP Professional x64 Edition
  • Windows Media Player 9 on Microsoft Windows Server 2003
  • Windows Media Player 10 on Microsoft Windows Server 2003 Service Pack 1
  • Windows Media Player 10 on Microsoft Windows Server 2003 x64 Edition

Overview

A vulnerability has been reported in Microsoft Media Player the way it handles the processing of PNG images that could be exploited by an attacker to take complete control of the vulnerable system.

Description

The vulnerability is caused due to unchecked buffer in the PNG processing code in Windows Media Player. This vulnerability could be exploited constructing specially crafted Windows Media Player content that could potentially allow remote code execution.

The attacker could exploit this vulnerability by hosting a website that contains a specially crafted WMZ file and by persuading user to visit the malicious website by clicking on a link or by sending the specially crafted file in an email attachment and persuading the user to open the file. The attacker could take the complete control of the system, if the user is logged on with administrator privileges.

Workarounds

  • Modify the Access Control List on the DirectX “Filter Graph no thread” Registry Key
  • Backup and remove the DirectX “Filter Graph no thread” registry key
  • Un-register Wmp.dll
  • Disassociate the WMZ file extensions

Solution

Apply appropriate patches as mentioned in Microsoft Security Bulletin MS06-024

References

Microsoft
http://www.microsoft.com/technet/security/bulletin/ms06-024.mspx

SANS
http://isc.sans.org/diary.php?storyid=1406

CVE Name
CVE-2006-0025

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003