Thread-topic: [SA18835] Windows Media Player Bitmap File Processing Vulnerability
>
>
> TITLE:
> Windows Media Player Bitmap File Processing Vulnerability
>
> SECUNIA ADVISORY ID:
> SA18835
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/18835/
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Microsoft Windows Media Player 7.x
> http://secunia.com/product/1084/
> Microsoft Windows Media Player 10.x
> http://secunia.com/product/4208/
> Microsoft Windows Media Player 8.x
> http://secunia.com/product/1535/
> Microsoft Windows Media Player 9.x
> http://secunia.com/product/1085/
>
> DESCRIPTION:
> A vulnerability has been reported in Windows Media Player, which can
> be exploited by malicious people to compromise a user's system.
>
> The vulnerability is caused due to a boundary error within the
> processing of bitmap files (.bmp) and can be exploited to cause a
> buffer overflow via a specially crafted bitmap file.
>
> Successful exploitation allows execution of arbitrary code when a
> user e.g. visits a malicious web site, opens a malicious bitmap file
> (Windows Media Player is not the default handler for bitmap files),
> or opens a file (e.g. Word document) containing a malicious Windows
> Media Player (.wmp) image.
>
> The following supported products and product combinations are NOT
> vulnerable:
> * Windows Media Player 6.4
> * Windows Media Player 10 on Windows Server 2003 SP1
> * Windows XP Professional x64 Edition
> * Windows Server 2003 (with or without SP1) for Itanium-based
> systems
> * Microsoft Windows Server 2003 x64 Edition
>
> SOLUTION:
> Apply patch.
>
> Windows Media Player for XP on Windows XP SP1:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=11005
> 4F2-244D-4036-B98C-E951CBA7E9BA
>
> Windows Media Player 9 on Windows XP SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=8F9EE
> F16-04F7-4DA8-A0EF-1797B52D0B4B
>
> Windows Media Player 9 on Windows Server 2003:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=8F9EE
> F16-04F7-4DA8-A0EF-1797B52D0B4B
>
> Windows Media Player 7.1 on Windows 2000 SP4:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=26A0B
> 9E1-1242-4E55-B3D4-8377B83257C6
>
> Windows Media Player 9 on Windows 2000 SP4 / Windows XP SP1:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=8F9EE
> F16-04F7-4DA8-A0EF-1797B52D0B4B
>
> Windows Media Player 10 on Windows XP SP1 / SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=18273
> 5E1-9382-4F2E-A624-D2316A96B411
>
> Windows 98, Windows 98 SE, and Windows ME:
> Patches are available via the Windows Update web site.
>
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits Marc Maiffret, eEye.
>
> ORIGINAL ADVISORY:
> MS06-005 (KB911565):
> http://www.microsoft.com/technet/security/Bulletin/MS06-005.mspx
>