Vulnerability Note VU#208769
Microsoft Windows Media Player fails to properly handle malformed Windows Media Metafiles
Windows Media Player does not properly handle malformed Windows Media Metafiles. This vulnerability may allow a remote attacker to execute arbitrary code or crash Windows Media Player.
Windows Media Player (WMP) is a multimedia application that comes with Microsoft Windows. According to Microsoft:
Advanced Stream Redirector (.asx) files, also known as Windows Media Metafiles, are text files that provide information about a file stream and its presentation. ASX files go beyond the simple task of defining playlists to provide Windows Media Player with information about how to present particular media items of the playlist.
Note that file extensions for Windows Media Metafiles include .wax, .wvx, .wmx, and .asx. More information concerning Windows Media Player files is available in the Windows Media Player File Name Extensions web page.
Exploit code for this vulnerability is publicly available.
Although the buffer overflow is limited, it may still be possible to corrupt memory in a way that can allow an attacker to execute code or crash WMP.
Apply an update from Microsoft
Configure Mozilla Firefox's Download Actions not to automatically open Windows Media Metafiles. Instructions on how to do this can be found in the Firefox section of Securing Your Web Browser.
Microsoft Internet Explorer
Setting the Internet Zone security setting to High will prevent Windows Media Metafiles from automatically being opened by Internet Explorer. Instructions on how to do this can be found in the Internet Explorer section of Securing Your Web Browser.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||12 Dec 2006|
CVSS Metrics (Learn More)
This vulnerability was publicly disclosed by sehato.
This document was written by Jeff Gennari.
- CVE IDs: CVE-2006-6134
- Date Public: 22 Nov 2006
- Date First Published: 08 Dec 2006
- Date Last Updated: 13 Dec 2006
- Severity Metric: 20.25
- Document Revision: 34
If you have feedback, comments, or additional information about this vulnerability, please send us email.