Vulnerability Note VU#208769

Microsoft Windows Media Player fails to properly handle malformed Windows Media Metafiles

Advanced Stream Redirector (.asx) files, also known as Windows Media Metafiles, are text files that provide information about a file stream and its presentation. ASX files go beyond the simple task of defining playlists to provide Windows Media Player with information about how to present particular media items of the playlist.

Windows Media Metafiles are based on XML syntax and can be encoded in either ANSI or UNICODE (UTF-8) format. They are made up of various elements with their associated tags and attributes. Each element in a Windows Media metafile defines a particular setting or action in Windows Media Player.

Microsoft has addressed this issue with the updates included with Microsoft Security Bulletin MS06-078.

Note that according to Microsoft Security Bulletin MS06-078, Windows Media Player 11 is not affected by this vulnerability.

Do not access Windows Media Metafiles from untrusted sources

Attackers may host malicious Windows Media Metafiles on web sites. In order to convince users to visit their sites, those attackers often use a variety of techniques to create misleading links including URL encoding, IP address variations, long URLs, and intentional misspellings. Do not click on unsolicited links received in email, instant messages, web forums, or internet relay chat (IRC) channels. Type URLs directly into the browser to avoid these misleading links. While these are generally good security practices, following these behaviors will not prevent exploitation of this vulnerability in all cases, particularly if a trusted site has been compromised or allows cross-site scripting.

Configure Your Web Browser securely handle Windows Media Metafiles

Web browsers can be configured to take specific actions for certain types of content, such as Windows Media Metafiles. Configuring your web browser to securely handle Windows Media Metafiles will not correct this vulnerability, but will reduce the chances of exploitation.

Mozilla Firefox

Configure Mozilla Firefox's Download Actions not to automatically open Windows Media Metafiles. Instructions on how to do this can be found in the Firefox section of Securing Your Web Browser.

Microsoft Internet Explorer

Setting the Internet Zone security setting to High will prevent Windows Media Metafiles from automatically being opened by Internet Explorer. Instructions on how to do this can be found in the Internet Explorer section of Securing Your Web Browser.

http://blogs.technet.com/msrc/archive/2006/12/07/public-proof-of-concept-code-for-asx-file-format-isssue.aspx
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q316992
http://research.eeye.com/html/alerts/zeroday/20061122.html
http://www.microsoft.com/windows/windowsmedia/default.mspx
http://windowssdk.msdn.microsoft.com/en-us/library/aa385262.aspx
http://www.microsoft.com/technet/security/bulletin/ms06-078.mspx

Credit

This vulnerability was publicly disclosed by sehato.

This document was written by Jeff Gennari.

Other Information

If you have feedback, comments, or additional information about this vulnerability, please send us email.