Windows Media Player .ASX 'Version' Buffer Overflow Vulnerability

Windows Media Player is an application used for digital audio, and video content viewing. An unsafe buffer copy involving remotely-obtained data exists in the Active Stream Redirector (ASX) component in Windows Media Player.

When parsing .ASX files, the 'HREF' value in the <VERSION> tag is copied into a local variable without bounds checking. As a result, it is possible to cause a stack overrun if this field exceeds the predefined length limits. This vulnerability can be exploited by an attacker to gain access to victim hosts.

Remote attackers may be able to exploit vulnerable clients if a malicious .ASX file is placed on a webserver.

Though not confirmed, it is increasingly likely that there is a single underlying problem with the handling of HREF attributes which is leading to these vulnerabilities. See Bugtraq IDs 1980 and 2677 (links in reference section).


Privacy Statement
Copyright 2010, SecurityFocus