• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Windows Media Player Malformed PNG Remote Code Execution Vulnerability

Microsoft Windows Media Player is prone to a remote code-execution vulnerability. This vulnerability is related to handling of malicious PNG images.

PNG images may be embedded in Windows Media Player skin files. Attackers may be able to exploit this issue by causing the application to load a malicious skin file, which could be hosted on an attacker-controlled web page or through email attachments. If successful, an attacker could execute arbitrary code in the context of the affected user.

Microsoft has stated that web-based attack scenarios are not possible with Media Player 7.1 on Windows 2000 SP4 and Media Player XP on Windows XP SP2. However, a victim may still be affected if they manually download and install a malicious skin file on these platforms.