Windows Media Player .ASX Buffer Overflow Vulnerability

Windows Media Player is an application used for digital audio, and video content viewing. An unsafe buffer copy involving remotely-obtained data exists in the Active Stream Redirector (ASX) component in Windows Media Player.

When parsing .ASX files, the 'HREF' value in the <Banner> tag is copied into a local variable without bounds checking. As a result, it is possible to cause a stack overrun if this field exceeds the predefined length limits. This vulnerability can be exploited by an attacker to gain access to victim hosts.

Remote attackers may be able to exploit vulnerable clients if a malicious .ASX file is placed on a webserver.

Note: This vulnerability may be related to Bugtraq ID: 1980. See the references section.


 

Privacy Statement
Copyright 2010, SecurityFocus