Home > Windows Media > Windows Media Player Vulnerability: Nov 20

Windows Media Player Vulnerability: Nov 20

This is a cumulative patch, and eliminates every known security vulnerability affecting Windows Media Player 6.4. Specifically, it eliminates all known vulnerabilities affecting Windows Media Player 6.4 - discussed in Microsoft Security Bulletins MS00-090, MS01-029, and MS01-042 - as well as some additional variants of these vulnerabilities Because of this, some of the Windows Media Player 6.4 components were included with subsequent versions of the Player, in order to ensure that web pages could work effectively regardless of Join over 733,556 other people just like you! http://roguewb.com/windows-media/windows-media-player-my-default-player.html

ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. Advertisements do not imply our endorsement of that product or service. (e.g.: CVE-2009-1234 or 2010-1234 or 20101234) Log In Register

Vulnerability Feeds & WidgetsNew www.itsecdb.com Microsoft Customer Support Microsoft Community Forums United States (English) Sign in Security TechCenter Home Security Updates Tools Learn Library Support We’re sorry. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 7 CVE-2010-0718 119 1 DoS Overflow 2010-02-26 2010-03-01 4.3 None Remote Medium Not required

The attacker could host a file on a web site that would launch automatically when a user visited the site, and which would exploit the vulnerability. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. Terms of Use | Privacy | Cookies AdChoices Home Skip to content Skip to footer Worldwide [change] Welcome, Account Log Out My Cisco Cisco.com Worldwide Home Products & Services (menu) Support

  1. Systems configured in accordance with the least privilege principal would be at less risk from this vulnerability.
  2. Corr. 2014-03-31 2014-04-14 6.8 None Remote Medium Not required Partial Partial Partial Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corruption) or possibly
  3. This wouldn't have any real security ramifications - the user could simply restart the player and resume normal operation.
  4. Newer Than: Search this thread only Search this forum only Display results as threads Useful Searches Recent Posts More...
  5. However, Microsoft said it has found other security flaws in Windows Media Player, but it hasn't released the details.
  6. Indicators of Compromise Windows Media Player 6.4 is vulnerable, and the following Windows Media Player versions are affected by variants of this vulnerability: Windows Media Player 7 Windows Media Player 7.1 Windows
  7. Revision History Version Description Section Date 1 This is a TruSecure Vulnerability Alert. 2001-November-20 17:37 GMT Show Less Affected Products The security vulnerability applies to the following combinations of products.

Dave Davey7549, Nov 20, 2001 #2 eddie5659 Moderator Malware Specialist Thread Starter Joined: Mar 19, 2001 Messages: 30,032 Thanks Dave I posted that in my lunch hour, so didn't actually Start now > Adobe is changing the world through digital experiences. TechNet Products Products Windows Windows Server System Center Microsoft Edge   Office Office 365 Exchange Server   SQL Server SharePoint Products Skype for Business See all products » IT Resources Resources Integ.

Computerworld The Voice of Business Technology Follow us Cloud Computing Computer Hardware Consumerization of IT Data Center Emerging Technology Enterprise Applications IT Management Internet Mobile & Wireless Networking Operating Systems Security Built at 2014-04-18T13:49:36Z-07:00 Show: Inherited Protected Print Export (0) Print Export (0) Share IN THIS ARTICLE Is this page helpful? Other information: Support: Microsoft Knowledge Base article Q308567 discusses this issue and will be available approximately 24 hours after the release of this bulletin. More hints The flaw makes it possible for attackers to send malformed ASF files that could either crash a system or let malicious hackers take administrative control of it.

An attacker who could entice another user into opening a particular type of streaming media file would be able to use the vulnerability to run programs on the user's computer. This approach would allow the attacker to target specific users, but would be blocked by the Outlook E-Mail Security Update, which is built into Outlook 2002 by default. Microsoft Security Bulletin MS01-056 - Critical Windows Media Player .ASF Processor Contains Unchecked Buffer Published: November 20, 2001 | Updated: May 09, 2003 Version: 1.1 Originally posted: November 20, 2001 Updated: Some of these flaws have already been disclosed by Microsoft, and patches for them have been released.

Start now > Learn the apps Get started or learn new ways to work. These problems are similar to the vulnerability described above, but in this case the affected formats are Active Stream Redirector (.ASX), Windows Media Station (.NSC) and Windows Media Player Skins (.WMS). Maximum Severity Rating: Critical Recommendation: Customers running affected products should apply the patch immediately. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

Why are components of Windows Media Player 6.4 installed as part of other versions of Windows Media Player? weblink Copyright 2001, Oxygen3 by Panda Software www.pandasoftware.com Tools: Print Email Link Comments (0) Related Source Profile: Panda Software Related Topic: Computer Put Computer Headlines on About Us Newsroom Careers At Adobe Privacy Security Corporate Responsibility Customer Showcase Investor Relations Events Contact Us Security Bulletins and Advisories This page contains important information regarding security vulnerabilities that could Microsoft is advising users to immediately apply a patch that takes care of not just the latest threat but also a slew of other vulnerabilties -- some of them still undisclosed

No, create an account now. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. However, the patch eliminates additional vulnerabilities. navigate here The code in Windows Media Player 6.4 used to play Advanced Streaming Format (ASF) content is prone to what is known as a buffer overrun.

By creating a specially malformed ASF file and inducing a user to play it, an attacker could overrun the buffer, with either of two results: in the simplest case, Windows Media Such programs would be capable of taking any action on the user's machine that the user himself could take, including adding, creating or deleting files, communicating with web sites or potentially Primary Products Microsoft, Inc.Windows Media Player6.4 (Base) | 7 (Base) | 7.1 (Base) Associated Products Microsoft, Inc.Active DirectoryOriginal Release (Base) | 2000 (Base) Windows MeOriginal Release (Base) Legal Disclaimer THIS DOCUMENT

The flaw can successfully be exploited only by the user actually opening and playing the ASF file, Microsoft said.

NOTE: this has been incorrectly reported as a code-execution vulnerability. Fixed Software Microsoft has released patches for Media Player 6.4, 7 and 7.1 at the following direct download link: Media Player Microsoft recommends that users upgrade their Windows XP system with Here are the latest Insider stories. Windows Media Player Vulnerability: Nov 20 Discussion in 'Multimedia' started by eddie5659, Nov 20, 2001.

Security Advisories and Bulletins Security Bulletins 2001 2001 MS01-056 MS01-056 MS01-056 MS01-060 MS01-059 MS01-058 MS01-057 MS01-056 MS01-055 MS01-054 MS01-053 MS01-052 MS01-051 MS01-050 MS01-049 MS01-048 MS01-047 MS01-046 MS01-045 MS01-044 MS01-043 MS01-042 MS01-041 Reboot needed: The patch only requires a reboot if Windows Media Player is running at the time that the patch is applied. Learn now > Ask the community Post questions and get answers from experts. http://roguewb.com/windows-media/windows-media-player-7-01.html See ASP.NET Ajax CDN Terms of Use – http://www.asp.net/ajaxlibrary/CDN.ashx. ]]> Log in or Sign up Tech Support Guy Home

Vendor health check: Salesforce How to get started as an IT consultant Face-off: HPE vs. In the simplest case, Windows Media Player 6.4 would stop working, and in the more complex case, code that was chosen by the attacker could be made to run on the V1.1 (May 09, 2003): Updated download links to Windows Update. If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

You’ll be auto redirected in 1 second. You said that the attacker would need to know the specific operating system that the user was running. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation Similar Threads - Windows Media Player Solved Remove windows Media Player dano_61, Feb 6, 2017, in forum: Multimedia Replies: 23 Views: 1,008 dano_61 Feb 10, 2017 Windows Media Player rsimoneau, Jan

A security vulnerability occurs in Windows Media Player 6.4 because the code that processes ASF files contains an unchecked buffer. It affects only Windows Media Player 6.4, and can only be exploited by the user opening and deliberately playing an ASF file. Previous versions are no longer supported, and may or may not be affected by these vulnerabilities. Corr. 2010-10-13 2011-10-04 9.3 None Remote Medium Not required Complete Complete Complete Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which

Similarly, the attacker could also use this vulnerability to insert commands in the ASF file, which could be run on the affected user's system. The information in this document is intended for end users of Cisco products Cisco Multivendor Vulnerability Alerts respond to vulnerabilities identified in third-party vendors' products. In this case, however, the user would need to deliberately open the file and play it. The cumulative patch that has been released for this latest hole also addresses other flaws that are more dangerous.

Yes, my password is: Forgot your password? Are you looking for the solution to your computer problem? The attacker would need to know the specific operating system that the user was running in order to tailor the attack code properly; if the attacker made an incorrect guess about ASF (Advanced Streaming Format) is a data format used for storing streaming media data and sending it over networks.

It affects only Windows Media Player 6.4, and can only be exploited by the user opening and deliberately playing an ASF file. payjo Senior member Joined: Sep 6, 2001 Messages: 267 Likes Received: 0 Microsoft is urging users of its Windows Media Player software to apply a security patch that plugs a hole Corr. 2010-03-22 2010-04-02 4.3 None Remote Medium Not required None None Partial Microsoft Windows Media Player 11 does not properly perform colorspace conversion, which allows remote attackers to cause a denial