Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2007-12-09 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Windows Media Player Issues

Published: 2007-12-09
Last Updated: 2007-12-09 09:37:10 UTC
by Marcus Sachs (Version: 3)
0 comment(s)

According to multiple sources, there are unpatched remote vulnerabilities in Windows Media Player 6.4 and Windows Media Player Classic 6.4 with public PoC's reported on Saturday.  The public PoC generates files with this type of name: SYS_49152_MP4_for_mplayer2.mp4.  Windows Media Player 6.4 is used for Win95 and WinNT systems (see http://www.microsoft.com/windows/windowsmedia/player/version64/default.aspx) so hopefully this does not affect very many of our readers.

Details:  http://www.securityfocus.com/bid/26773

Thanks to Juha-Matti for bringing this to our attention.

Important updates:

  • It appears the vulnerability actually affects the 3ivx MP4 codec, which is not installed by default on a Windows system. Some other applications may also use this codec and could also be affected;  
  • While Media Player 6.4 is the default on Windows NT and 95 systems, it is also included with later versions of the Windows operating system as "mplayer2.exe". It's used by some apps to access Directshow functionality.

Marcus H. Sachs
Director, SANS Internet Storm Center

Keywords:
0 comment(s)
Diary Archives