Microsoft Windows Media Player Remote Skin Header Code Execution Vulnerability
BID:25305
Info
Microsoft Windows Media Player Remote Skin Header Code Execution Vulnerability
| Bugtraq ID: | 25305 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-3037 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 14 2007 12:00AM |
| Updated: | Aug 25 2008 04:25PM |
| Credit: | Piotr Bania, working with TippingPoint and the Zero Day Initiative, reported this issue to the vendor. |
| Vulnerable: |
Microsoft Windows Media Player 9.0 Microsoft Windows Media Player 7.1 Microsoft Windows Media Player 11 Microsoft Windows Media Player 10.0 Avaya Customer Interaction Express (CIE) User Interface 1.0.2 Avaya Customer Interaction Express (CIE) User Interface 1.0 Avaya Customer Interaction Express (CIE) Server 1.0 Avaya CIE 1.0.2 Avaya CIE 1.0 |
| Not Vulnerable: | |
Discussion
Microsoft Windows Media Player Remote Skin Header Code Execution Vulnerability
Microsoft Windows Media Player is prone to a remote code-execution vulnerability when handling specially crafted skin files.
Attackers exploit this issue by coercing unsuspecting users to download and open Windows Media Player skin files (WMZ or WMD files). Note that users must attempt to apply the skin files.
Successful exploits allow attackers to execute arbitrary code in the context of the vulnerable application. This facilitates the remote compromise of affected computers.
Microsoft Windows Media Player is prone to a remote code-execution vulnerability when handling specially crafted skin files.
Attackers exploit this issue by coercing unsuspecting users to download and open Windows Media Player skin files (WMZ or WMD files). Note that users must attempt to apply the skin files.
Successful exploits allow attackers to execute arbitrary code in the context of the vulnerable application. This facilitates the remote compromise of affected computers.
Exploit / POC
Microsoft Windows Media Player Remote Skin Header Code Execution Vulnerability
To exploit this issue, an attacker must entice an unsuspecting user to open a maliciously crafted skin file.
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
To exploit this issue, an attacker must entice an unsuspecting user to open a maliciously crafted skin file.
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Microsoft Windows Media Player Remote Skin Header Code Execution Vulnerability
Solution:
Microsoft has released an advisory along with fixes to address this issue. Please see the references for more information.
Microsoft Windows Media Player 11
Microsoft Windows Media Player 10.0
Microsoft Windows Media Player 9.0
Microsoft Windows Media Player 7.1
Solution:
Microsoft has released an advisory along with fixes to address this issue. Please see the references for more information.
Microsoft Windows Media Player 11
-
Microsoft Security Update for Windows Media Player 11 for Windows XP (KB936782)
Windows XP Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=a690d042-1137 -4aaf-bd0e-565ea04d1f2b -
Microsoft Security Update for Windows Media Player 11 for Windows XP x64 Edition (KB936782)
Windows Server 2003 Service Pack 2 x64 Edition; Windows XP Professional x64 Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=bdc89f34-c1ff -46ab-b52d-c02d51c5c373 -
Microsoft Security Update for Windows Vista (KB936782)
Windows Vista
http://www.microsoft.com/downloads/details.aspx?FamilyId=80e5167c-4f75 -4ce3-8b15-2f50958deec8 -
Microsoft Security Update for Windows Vista for x64-based Systems (KB936782)
Windows Vista Business 64-bit edition; Windows Vista Enterprise 64-bit edition; Windows Vista Home Basic 64-bit edition; Windows Vista Home Premium 64-bit edition; Windows Vista Ultimate 64-bit edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=bf30b714-d6e7 -47ea-b79e-84c18370a661
Microsoft Windows Media Player 10.0
-
Microsoft Security Update for Windows Media Player 10 for Windows XP (KB936782)
Windows XP SP2
http://www.microsoft.com/downloads/details.aspx?FamilyId=48f5a9d3-b859 -4cb6-a68e-abde76a14782 -
Microsoft Security Update for Windows Server 2003 (KB936782)
Windows Server 2003 Service Pack 1; Windows Server 2003 Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=8d9f1fdf-6d4c -44d4-9b5f-bdbe8ac28d7f -
Microsoft Security Update for Windows Server 2003 x64 Edition (KB936782)
indows Server 2003 Service Pack 2 x64 Edition; Windows Server 2003, Datacenter x64 Edition; Windows Server 2003, Enterprise x64 Edition; Windows Server 2003, Standard x64 Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=2c04c7f2-728e -43bd-8574-26e411fcd129 -
Microsoft Security Update for Windows XP x64 Edition (KB936782)
Windows Server 2003 Service Pack 2 x64 Edition; Windows XP Professional x64 Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=949580be-cbb3 -4271-8ca0-0ead7f2d8801
Microsoft Windows Media Player 9.0
-
Microsoft Security Update for Windows Media Player 9 (KB936782)
Windows 2000 SP4 or Windows XP SP2
http://www.microsoft.com/downloads/details.aspx?FamilyId=bd4a6474-5fde -415e-840e-7d973cb71c95
Microsoft Windows Media Player 7.1
-
Microsoft Security Update for Windows Media Player 7.1 for Windows 2000 (KB936782)
Windows 2000 SP4
http://www.microsoft.com/downloads/details.aspx?FamilyId=9f46b1fc-ee7b -437f-9492-67d003711021
References
Microsoft Windows Media Player Remote Skin Header Code Execution Vulnerability
References:
References: