TulipTools Internet Business Owners and Online Sellers Community

TulipTools Internet Business Owners and Online Sellers Community > Operating Systems, Browsers, and Email Clients > Operating Systems, Browsers, and Email Clients and Services > Operating Systems > Windows > Microsoft Sucks Dept: new Zero Day Security Hole in Windows Media Player
Full Version: Microsoft Sucks Dept: new Zero Day Security Hole in Windows Media Player
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

mandy

12-08-2006, 11:20 AM
Quote:The Windows Media Player library WMVCORE.DLL contains a potentially exploitable heap buffer overflow in its handling of "REF HREF" URLs within ASX files...

Severity:
High

Remote Code Execution:
Likely

Impact:
Arbitrary code execution under the context of the logged in user
.ASX files are auto-opened when viewed within a Web Browser, which allows this vulnerability to be exploited across the internet via malicious web pages or e-mails which could execute arbitrary code under the context of the user who opened the .ASX file. An even more critical problem is generated when clients are administrators on their local hosts, which would run the malicious payload with Administrator credentials...

full article: http://research.eeye.com/html/alerts/zer...61122.html
TulipTools Internet Business Owners and Online Sellers Community > Operating Systems, Browsers, and Email Clients > Operating Systems, Browsers, and Email Clients and Services > Operating Systems > Windows > Microsoft Sucks Dept: new Zero Day Security Hole in Windows Media Player