12-08-2006, 11:20 AM
Quote:The Windows Media Player library WMVCORE.DLL contains a potentially exploitable heap buffer overflow in its handling of "REF HREF" URLs within ASX files...
Severity:
High
Remote Code Execution:
Likely
Impact:
Arbitrary code execution under the context of the logged in user
.ASX files are auto-opened when viewed within a Web Browser, which allows this vulnerability to be exploited across the internet via malicious web pages or e-mails which could execute arbitrary code under the context of the user who opened the .ASX file. An even more critical problem is generated when clients are administrators on their local hosts, which would run the malicious payload with Administrator credentials...
full article: http://research.eeye.com/html/alerts/zer...61122.html