Severity: Medium
9 September, 2008
Summary:
§ This vulnerability affects: Windows Media Player 11
§ How an attacker exploits it: By enticing one of your users into playing a specially crafted audio file hosted on a malicious Windows Media Server
§ Impact: A remote attacker can execute code, potentially gaining complete control of your user’s computer
§ What to do: Install the appropriate Microsoft patches immediately
Severity: Medium
9 September, 2008
Summary:
§ This vulnerability affects: Windows Media Player 11
§ How an attacker exploits it: By enticing one of your users into playing a specially crafted audio file hosted on a malicious Windows Media Server
§ Impact: A remote attacker can execute code, potentially gaining complete control of your user’s computer
§ What to do: Install the appropriate Microsoft patches immediately
Exposure:
Windows Media Player (WMP) is the popular multimedia playback application that ships with Windows.
In a security bulletin released today as part of Patch Day, Microsoft describes a new remote code execution vulnerability that affects WMP 11. They don’t describe the flaw in much detail, saying only that WMP 11 doesn’t properly handle specially crafted audio files when streamed from Windows Media Servers. By enticing one of your users into listening to a malicious audio stream, an attacker could exploit this flaw to execute code on that user’s computer, with the user’s privileges. Of course, if your user has administrative privileges, the attacker would gain complete control of his computer. Furthermore, attackers could even embed malicious audio streams right into Web pages; so, simply visiting a malicious Web page could result in an attacker taking over your computer.
On a related note: Microsoft also released a security bulletin concerning an optional Windows Media component called Windows Media Encoder. This component doesn’t come with Windows. However, if you create your own video or audio content, you may have downloaded this free program to help you encode and compress your digital media. Unfortunately, the Windows Media Encoder suffers from a buffer overflow vulnerability involving one of its ActiveX controls. By luring you to a malicious Web site, an attacker could exploit this flaw to execute code, potentially gaining control of your machine; but only if you’ve installed this optional component. If you have, you should download and install the updates from this bulletin as well.
Solution Path:
Microsoft has released an update for WMP to fix this vulnerability. You should download, test, and deploy the appropriate patches as soon as possible.
Windows Media Player 11 updates:
For All WatchGuard Users:
An attacker would exploit this vulnerability using a server-side playlist, which in Windows Media Player arrives as an XML document. However, many authentic web sites use XML documents, for perfectly legitimate reasons. Blocking XML files could seriously affect your users’ web browsing experience. Therefore, the patches above are your best solution.
Status:
Microsoft has released patches to fix these vulnerabilities.
References:
§ Microsoft Security Bulletin MS08-054
§ Microsoft Security Bulletin MS08-053