Microsoft Windows Media Player AU Divide-By-Zero Denial of Service Vulnerability

Bugtraq ID:	25236
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2007-4288
Remote:	Yes
Local:	No
Published:	Aug 08 2007 12:00AM
Updated:	May 07 2015 05:36PM
Credit:	Adonis and Abed are credited with the discovery of this vulnerability.
Vulnerable:	Microsoft Windows Media Player 11
Not Vulnerable:

Microsoft Windows Media Player AU Divide-By-Zero Denial of Service Vulnerability

Microsoft Windows Media Player is prone to a denial-of-service vulnerability when processing a malformed AU file.

A remote attacker can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects Microsoft Windows Media Player 11; other versions may also be affected.

Microsoft Windows Media Player AU Divide-By-Zero Denial of Service Vulnerability

To exploit this issue, an attacker must entice an unsuspecting user to open a maliciously crafted AU file.

The following proof-of-concept AU file and AU-file generator are available:

• /data/vulnerabilities/exploits/25236.py
• /data/vulnerabilities/exploits/25236.au

Microsoft Windows Media Player AU Divide-By-Zero Denial of Service Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Microsoft Windows Media Player AU Divide-By-Zero Denial of Service Vulnerability

References:

• Windows Media Player Homepage (Microsoft)
  
• DoS in Microsoft Media Player 11 on Win XP SP2 (Adonis)