A vulnerability was reported in Windows Media Player. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create a specially crafted WAV, SND, or MIDI file that, when loaded by the target user, will trigger an integer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target user.
-----------------
UPDATE - Microsoft appears to agree with you, Frantisek. Microsoft pours cold water on WMP flaw warning.
Microsoft is aware of a falsely reported vulnerability in Microsoft Windows Media Player Dec. 25, 2008. Microsoft investigated the claim and found that this is not a product vulnerability. Microsoft confirmed that the reported crash is not exploitable and does not allow an attacker to execute arbitrary code, as was incorrectly claimed in the public report.
Hi, I checked it and it doesn't seem to be exploitable. Crash is caused by unsigned division overflow in MulDivRn called from smfTicksToMillisecs.
ReplyDeleteThis bug is in quartz.dll, again (smfTicksToMillisecs).