Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: MS06-024: buffer overflow in windows media player SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MS06-024: buffer overflow in windows media player
MS06-024 - KB 917734

Windows Media player is vulnerable in it's handling of PNG images.

Microsoft rates his vulnerability as critical. It allows remote code execution.
Attack vectors of both email and web are possible through the use of .wmz files.

Workarounds will be based on content filetring in gateways, but might be below par on effectiveness if you count encrypted messages and the like as possible exploit vectors.

--
Swa Frantzen -- section 66


Swa

760 Posts
Jun 13th 2006

Sign Up for Free or Log In to start participating in the conversation!