search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Microsoft Windows Media Player buffer overflow in Active Stream Redirector (.asx) file parser

Vulnerability Note VU#187528

Original Release Date: 2002-09-27 | Last Revised: 2002-09-27

Overview

There is a buffer overflow in the parsing of Active Stream Redirector (.ASX) files. This buffer overflow may allow a remote attacker to execute arbitrary code when a user views a malicious web page.

Description

There is a buffer overflow in the processing of Active Stream Redirector (.ASX) files in Windows Media Player version 6.4 and 7. An Active Stream Redirector is a file type used by Windows Media Player to determine where a media stream can be found on the Internet, and how to play it.

This vulnerability is a variant of the vulnerability described in VU#675320 and MS00-090.

Impact

An attacker may be able to execute arbitrary code on vulnerable systems when the user visits a web page.

Solution

Apply a Patch

Microsoft has published patches correcting this vulnerability. The patches are listed in their advisory at:

http://www.microsoft.com/technet/security/bulletin/MS01-029.asp

Vendor Information

187528
 
Expand all

Microsoft Corporation Affected

Updated:  July 16, 2002

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Microsoft has published a security bulletin describing this vulnerability at:


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This document was written by Cory F. Cohen.

Other Information

CVE IDs: CVE-2001-0242
Severity Metric: 4.43
Date Public: 2001-05-23
Date First Published: 2002-09-27
Date Last Updated: 2002-09-27 17:47 UTC
Document Revision: 7

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis