Microsoft Windows Media Player Sampling Rate Vulnerability
Date Discovered: 09/09/2008
Severity: High
Operating Systems Affected:
Microsoft Windows XP SP2
Microsoft Windows XP SP3
Microsoft Windows XP Professional x64
Microsoft Windows XP Professional x64 SP2
Microsoft Windows Vista
Microsoft Windows Vista SP1
Microsoft Windows Vista x64
Microsoft Windows Vista x64 SP1
Applications Affected:
Microsoft Windows Media Player 11
Synopsis
Microsoft Windows Media Player is prone to a sampling rate vulnerability. An attacker can construct a specially crafted audio file that could allow remote code execution when streamed from a Windows Media server using Windows Media Player.

The vulnerability is caused by Windows Media Player 11 incorrectly handling specially crafted audio-only files streamed from a Windows Media server in a server-side playlist (SSPL). An SSPL is a list that identifies what content is played for a client, the time at which it is played, and the order in which it is played. The SSPL for a Windows Media server is an XML document.

An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.