TITLE:
Windows Media Player PNG Processing Buffer Overflow
SECUNIA ADVISORY ID:
SA20626
VERIFY ADVISORY:
http://secunia.com/advisories/20626/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
Microsoft Windows Media Player 10.x
http://secunia.com/product/4208/
Microsoft Windows Media Player 7.x
http://secunia.com/product/1084/
Microsoft Windows Media Player 9.x
http://secunia.com/product/1085/
DESCRIPTION:
iDefense Labs has reported a vulnerability in Windows Media Player,
which can be exploited by malicious people to compromise a user's
system.
The vulnerability is caused due to a boundary error within the
decoding of PNG (Portable Network Graphics) image file chunks. This
can be exploited to cause a stack-based buffer overflow via a
specially crafted PNG image when a user opens a malicious WMZ file or
visits a malicious web site.
Successful exploitation allows execution of arbitrary code.
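The kind of length validation whose absence leads to this class of overflow, as an added C example (not code from Microsoft, iDefense Labs or Secunia): a PNG chunk walker that checks each declared chunk length against the remaining input and against the destination buffer before copying. FIELD_MAX, png_walk, make_sample and check_sample are hypothetical names, and the sample input is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define FIELD_MAX 64 /* hypothetical size of a fixed stack buffer for chunk data */
enum png_status { PNG_OK, PNG_BAD_SIG, PNG_TRUNCATED, PNG_CHUNK_TOO_BIG };
static const uint8_t SIG[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}
/* Walk each chunk (4-byte length, 4-byte type, data, 4-byte CRC). Non-IDAT data
   is copied only after both length checks pass. CRC is not verified here. */
enum png_status png_walk(const uint8_t *buf, size_t len, size_t *chunks_seen) {
    uint8_t field[FIELD_MAX];
    size_t off = 8;
    *chunks_seen = 0;
    if (len < 8 || memcmp(buf, SIG, 8) != 0) return PNG_BAD_SIG;
    while (off < len) {
        if (len - off < 12) return PNG_TRUNCATED;
        uint32_t clen = be32(buf + off);
        /* Check 1: declared length must fit in the bytes actually present. */
        if (clen > len - off - 12) return PNG_TRUNCATED;
        /* Check 2: declared length must fit the destination before the copy. */
        if (memcmp(buf + off + 4, "IDAT", 4) != 0) {
            if (clen > sizeof field) return PNG_CHUNK_TOO_BIG;
            memcpy(field, buf + off + 8, clen);
        }
        (*chunks_seen)++;
        off += 12 + (size_t)clen;
    }
    return PNG_OK;
}
/* Constructed sample: signature plus one "tEXt" chunk that declares `declared`
   bytes but carries `actual` bytes and 4 filler CRC bytes (20 + actual total). */
size_t make_sample(uint8_t *out, uint32_t declared, uint32_t actual) {
    memcpy(out, SIG, 8);
    for (int i = 0; i < 4; i++) out[8 + i] = (uint8_t)(declared >> (24 - 8 * i));
    memcpy(out + 12, "tEXt", 4);
    memset(out + 16, 'A', (size_t)actual + 4);
    return 20 + (size_t)actual;
}
/* Build a constructed sample and walk it; `actual` must be at most 236. */
enum png_status check_sample(uint32_t declared, uint32_t actual) {
    uint8_t b[256]; size_t seen;
    return png_walk(b, make_sample(b, declared, actual), &seen);
}
int main(void) {
    return printf("%d\n", (int)check_sample(4096, 16)) < 0;
}
```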
SOLUTION:
Apply patches.
Windows Media Player for XP on Windows XP SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=11372cc0-3da9-49ad-bb08-1493ce3cd0bd
Windows Media Player 9 on Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=c00be4c3-34ba-4858-90d7-520b7d240e33
Windows Media Player 10 on Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=f59065ec-0279-48ec-ab27-8abca715ac01
Windows Media Player 9 on Windows Server 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=c00be4c3-34ba-4858-90d7-520b7d240e33
Windows Media Player 10 on Windows Server 2003 SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=4f933b0c-7d2d-4049-92da-bbbe97371594
Windows Media Player 10 on Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=facc7dfe-9b3b-48dd-a068-5bb9c6b60f87
Windows 98, Windows 98 SE, and Windows Me:
Patches are available from the Windows Update web site.
Windows Media Player 7.1 on Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5abb6258-9468-4188-a178-aa46f100ab61
Windows Media Player 9 on Windows 2000 SP4 / Windows XP SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=c00be4c3-34ba-4858-90d7-520b7d240e33
Windows Media Player 10 on Windows XP SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=0f641572-74fd-4281-953f-6f2f12e001e0
ORIGINAL ADVISORY:
MS06-024 (KB917734):
http://www.microsoft.com/technet/security/Bulletin/MS06-024.mspx
iDefense Labs:
http://idefense.com/intelligence/vulnerabilities/display.php?id=406