search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Microsoft Windows Media Player buffer overflow in Active Stream Redirector (.asx) file parser

Vulnerability Note VU#187528

Original Release Date: 2002-09-27 | Last Revised: 2002-09-27


There is a buffer overflow in the parsing of Active Stream Redirector (.ASX) files. This buffer overflow may allow a remote attacker to execute arbitrary code when a user views a malicious web page.


There is a buffer overflow in the processing of Active Stream Redirector (.ASX) files in Windows Media Player version 6.4 and 7. An Active Stream Redirector is a file type used by Windows Media Player to determine where a media stream can be found on the Internet, and how to play it.

This vulnerability is a variant of the vulnerability described in VU#675320 and MS00-090.


An attacker may be able to execute arbitrary code on vulnerable systems when the user visits a web page.


Apply a Patch

Microsoft has published patches correcting this vulnerability. The patches are listed in their advisory at:

Vendor Information


Microsoft Corporation Affected

Updated:  July 16, 2002



Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


Microsoft has published a security bulletin describing this vulnerability at:

CVSS Metrics

Group Score Vector



This document was written by Cory F. Cohen.

Other Information

CVE IDs: CVE-2001-0242
Severity Metric: 4.43
Date Public: 2001-05-23
Date First Published: 2002-09-27
Date Last Updated: 2002-09-27 17:47 UTC
Document Revision: 7

Sponsored by CISA.