Reported May 23, 2001, by Microsoft.
VERSIONS AFFECTED
-
Microsoft Windows Media Player 6.4 and 7.0 for Windows 2000, Windows NT, Windows Me, and Windows 9x
DESCRIPTION
An
unchecked buffer vulnerability exists in how Windows Media Player processes
Active Stream Redirector (.asx) files that can result in a buffer overflow. An
attacker can use the vulnerability to run code on the vulnerable computer under
the user's security context.
VENDOR RESPONSE
The vendor, Microsoft, has acknowledged this vulnerability and recommends that users of Windows Media Player 6.4 immediately apply the patch contained in Security Bulletin MS01-029. For users of version 7.0, Microsoft recommends an upgrade to version 7.1.
CREDIT
Discovered
by Microsoft.