Home > Windows Media > Windows Media Player Vulnerability: Nov 20

Windows Media Player Vulnerability: Nov 20

OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site. Windows Media Player 6.4 shipped as part of both Windows ME and Windows 2000, and Windows Media Player for Windows XP ships as part of Windows XP. No, create an account now. However, Microsoft said it has found other security flaws in Windows Media Player, but it hasn't released the details. have a peek here

The portion of Windows Media Player 6.4 that handles ASF files doesn't properly check inputs before processing them. What does the patch do? Style Default Style Contact Us Help Home Top RSS Terms and Rules Copyright © TechGuy, Inc. The flaw makes it possible for attackers to send malformed ASF files that could either crash a system or let malicious hackers take administrative control of it. https://technet.microsoft.com/en-us/library/security/ms01-056.aspx

Terms of Use | Privacy | Cookies AdChoices Home Skip to content Skip to footer Worldwide [change] Welcome, Account Log Out My Cisco Cisco.com Worldwide Home Products & Services (menu) Support Advertisement eddie5659 Moderator Malware Specialist Thread Starter Joined: Mar 19, 2001 Messages: 30,032 Hiya One of the streaming media formats supported by Windows Media Player is Advanced Streaming Format (ASF). If a third-party software vulnerability is determined to affect a Cisco product, the vulnerability will be disclosed according to the Cisco Security Vulnerability Policy.

  • It could not be exploited via either email or a web page.
  • Only the security fix in MS01-029 is superseded by this patch.
  • Short URL to this thread: https://techguy.org/59076 Log in with Facebook Log in with Twitter Log in with Google Your name or email address: Do you already have an account?
  • This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.
  • Tech Support Guy is completely free -- paid for by advertisers and donations.
  • Learn now > Ask the community Post questions and get answers from experts.
  • What causes the vulnerability?
  • There is no charge for support calls associated with security patches.
  • Primary Products Microsoft, Inc.Windows Media Player6.4 (Base) | 7 (Base) | 7.1 (Base) Associated Products Microsoft, Inc.Active DirectoryOriginal Release (Base) | 2000 (Base) Windows MeOriginal Release (Base) Legal Disclaimer THIS DOCUMENT
  • patmac replied Mar 18, 2017 at 12:33 AM News from the web #3 poochee replied Mar 17, 2017 at 11:55 PM Loading...

Corr. 2010-10-13 2011-10-04 9.3 None Remote Medium Not required Complete Complete Complete Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which These alerts contain information compiled from diverse sources and provide comprehensive technical descriptions, objective analytical assessments, workarounds and practical safeguards, and links to vendor advisories and patches. Yes. NOTE: since the only known attack vector requires command line access, this may not be a vulnerability. 40 CVE-2002-1844 +Priv 2002-12-31 2008-09-05 7.2 Admin Local Low Not required Complete Complete Complete

It affects only Windows Media Player 6.4, and can only be exploited by the user opening and deliberately playing an ASF file. Windows XP users should visit Windows Update to install the latest fixes. Any use of this information is at the user's risk. https://www.neowin.net/forum/topic/5658-critical-update-windows-media-player-asf-processor-contains-uncheck/ Windows Media Player for Windows XP includes components of Windows Media Player 6.4, but they are not affected by the ASF buffer overrun or by any of the other vulnerabilities discussed

Show Ignored Content As Seen On Welcome to Tech Support Guy! This site is completely free -- paid for by advertisers and donations. Analysis This specific vulnerability is only likely to cause the user's Media Player to fail. The player can be restarted without damaging the player or system.The ability of an attacker to Fixed Software Microsoft has released patches for Media Player 6.4, 7 and 7.1 at the following direct download link: Media Player Microsoft recommends that users upgrade their Windows XP system with

Sorry There was an error emailing this page. If you're not already familiar with forums, watch our Welcome Guide to get started. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. This patch or upgrade also includes fixes formore severe vulnerabilities, whichwere previously released individually, and additional vulnerabilities that Microsoft discovered during research and development of these corrections. These previous vulnerabilities were

This would pose a significant security threat. navigate here Frequently asked questions What vulnerabilities are eliminated by this patch? Security Advisories and Bulletins Security Bulletins 2001 2001 MS01-056 MS01-056 MS01-056 MS01-060 MS01-059 MS01-058 MS01-057 MS01-056 MS01-055 MS01-054 MS01-053 MS01-052 MS01-051 MS01-050 MS01-049 MS01-048 MS01-047 MS01-046 MS01-045 MS01-044 MS01-043 MS01-042 MS01-041 What's the scope of these additional vulnerabilities?

By creating a specially malformed ASF file and inducing a user to play it, an attacker could overrun the buffer, with either of two results: in the simplest case, Windows Media a Reston, Va.-based security firm. "You don't know what to assume. ... If the attacker guessed wrong, the player would fail, but this wouldn't pose a security threat. http://midsolutions.org/windows-media/windows-media-player-11-media-sharing-vista-to-xp.html Amongst other things, this patch fixes a vulnerability that could allow a malformed Advanced Streaming Format (.ASF) file to run arbitrary code on affected systems.

This patch eliminates all known security vulnerabilities affecting Windows Media Player 6.4: A vulnerability involving the processor for Advanced Streaming Format (ASF) files The vulnerabilities previously discussed in Microsoft Security Bulletins AnandTech Forums: Technology, Hardware, Software, and Deals Home Forums > Software > Software for Windows > Home Guides Registry Guide Security Guide Software Guide Scripting Guide Search Support About Us Integ.

The flaw can successfully be exploited only by the user actually opening and playing the ASF file, Microsoft said.

Stay logged in Sign up now! We appreciate your feedback. Staff Online Now davehc Trusted Advisor Advertisement Tech Support Guy Home Forums > Software & Hardware > Multimedia > Home Forums Forums Quick Links Search Forums Recent Posts Members Members Quick Microsoft Customer Support Microsoft Community Forums United States (English) Sign in Security TechCenter Home Security Updates Tools Learn Library Support We’re sorry.

NetApp for enterprise flash storage Considering enterprise flash array storage? All rights reserved. Copyright 2001, Oxygen3 by Panda Software www.pandasoftware.com Tools: Print Email Link Comments (0) Related Source Profile: Panda Software Related Topic: Computer Put Computer Headlines on this contact form About Us Newsroom Careers At Adobe Privacy Security Corporate Responsibility Customer Showcase Investor Relations Events Contact Us Security Bulletins and Advisories This page contains important information regarding security vulnerabilities that could

In addition, some affect components of Windows Media Player 6.4 that, for purposes of backward compatibility, ship with Windows Media Player 7, and 7.1. Today's patch addresses these flaws as well, Microsoft said.