This advisory addresses two vulnerabilities in the Windows "Media Format Runtime", which is used by applications that handle Windows Media content.
The unchecked buffer and URL parsing vulnerabilities could result in full system compromise if exploited. An attacker would create a malicious Advanced Streaming Format (.ASF) file or a malicious Advanced Stream Redirector (.ASX) file and present it to a vulnerable client through a malicious URL, an email attachment, or perhaps through a malicious IFRAME or redirect. These vulnerabilities pose the most risk to systems that are used for web surfing or for checking email, especially if the user is logged in as Administrator or if Internet Explorer is running with an unrestricted zone or a security zone below High. MS Outlook default restrictions might shield a user, but clicking on a URL within an email launches a browser outside of those restrictions. Note: Known exploits have been circulating for CVE-2006-6134 (ASX). Note that it may take several patches to update a system: Windows Media Player 6.4 is patched differently (KB925398) than the Media Format Runtime (KB923689). It may be a challenge to assess the posture of any given system in regards to these two vulnerabilities short of utilizing the Microsoft tools.
Affected:

Microsoft Windows Media Format 7.1 through 9.5 Series Runtime on the following operating system versions:
- Microsoft Windows 2000 Service Pack 4 - Download the update (KB923689)
- Microsoft Windows XP Service Pack 2 - Download the update (KB923689)
- Microsoft Windows XP Professional x64 Edition - Download the update (KB923689)
- Microsoft Windows Server 2003 or Microsoft Windows Server 2003 Service Pack 1 - Download the update (KB923689)
- Microsoft Windows Server 2003 x64 Edition - Download the update (KB923689)

Microsoft Windows Media Format 9.5 Series Runtime x64 Edition on the following operating system versions:
- Microsoft Windows XP Professional x64 Edition - Download the update (KB923689)
- Microsoft Windows Server 2003 x64 Edition - Download the update (KB923689)

Microsoft Windows Media Player 6.4 on the following operating system versions:
- Windows 2000 Service Pack 4 - Download the update (KB925398)
- Microsoft Windows XP Service Pack 2 - Download the update (KB925398)
- Microsoft Windows XP Professional x64 Edition - Download the update (KB925398)
- Microsoft Windows Server 2003 or Microsoft Windows Server 2003 Service Pack 1 - Download the update (KB925398)
- Microsoft Windows Server 2003 x64 Edition - Download the update (KB925398)

Reference URLs:
http://www.microsoft.com/technet/security/bulletin/ms06-078.mspx
http://support.microsoft.com/kb/923689
http://support.microsoft.com/kb/925398
Windows Media Format ASF Parsing Vulnerability (CVE-2006-4702): http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4702
Windows Media Format ASX Parsing Vulnerability (CVE-2006-6134): http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-6134
http://research.eeye.com/html/alerts/zeroday/20061122.html
http://blogs.technet.com/msrc/archive/2006/12/07/public-proof-of-concept-code-for-asx-file-format-isssue.aspx
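Because the two components are patched by different hotfixes, a host can be half-patched. The following is an added example (not from the advisory or from Microsoft) of a posture check that applies the advisory's logic: a host with the Media Format Runtime needs KB923689, a host with Windows Media Player 6.4 needs KB925398, and either one missing leaves the host exposed. It assumes that `wmic qfe get HotFixID` is available on the Windows host for listing installed hotfixes; the sample output embedded below is constructed, and the extra KB identifiers in it are placeholders.

```python
import re
import subprocess
from dataclasses import dataclass

# Hotfix identifiers named in the MS06-078 advisory
KB_MEDIA_FORMAT_RUNTIME = "KB923689"   # Windows Media Format 7.1-9.5 Series Runtime
KB_WMP_64 = "KB925398"                 # Windows Media Player 6.4


@dataclass
class HostPosture:
    """What is installed on a host; component presence is supplied by the caller."""
    has_media_format_runtime: bool
    has_wmp_64: bool
    installed_hotfixes: set


def parse_qfe_output(text):
    """Extract KBnnnnnn identifiers from 'wmic qfe get HotFixID' style output."""
    return {m.upper() for m in re.findall(r"\bKB\d{6,}\b", text, flags=re.IGNORECASE)}


def missing_updates(posture):
    """Return the hotfixes this host still needs for MS06-078.

    Each vulnerable component is patched separately, so both are checked
    independently and an empty list means the host is fully patched.
    """
    missing = []
    if posture.has_media_format_runtime and KB_MEDIA_FORMAT_RUNTIME not in posture.installed_hotfixes:
        missing.append(KB_MEDIA_FORMAT_RUNTIME)
    if posture.has_wmp_64 and KB_WMP_64 not in posture.installed_hotfixes:
        missing.append(KB_WMP_64)
    return missing


def collect_local_hotfixes():
    """On a Windows host, list installed hotfixes via wmic (assumed to be present)."""
    result = subprocess.run(["wmic", "qfe", "get", "HotFixID"],
                            capture_output=True, text=True, check=False)
    return parse_qfe_output(result.stdout)


# Constructed sample standing in for real `wmic qfe get HotFixID` output;
# KB000000 and KB111111 are placeholders, not real hotfix numbers.
SAMPLE_QFE = """HotFixID
KB923689
KB000000
KB111111
"""

if __name__ == "__main__":
    hotfixes = parse_qfe_output(SAMPLE_QFE)
    # A host that has both the runtime and WMP 6.4 but only one of the two updates
    host = HostPosture(has_media_format_runtime=True, has_wmp_64=True,
                       installed_hotfixes=hotfixes)
    print("missing updates:", missing_updates(host))
```

On a live host, replace `parse_qfe_output(SAMPLE_QFE)` with `collect_local_hotfixes()`; component presence (whether the runtime or WMP 6.4 is installed) still has to be determined separately, since the hotfix list alone does not say which components exist.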
Posted by Robert, Dec 12th 2006