Microsoft Windows Media Player .ASF Processor Contains Unchecked Buffer

One of the streaming media formats supported by Windows Media Player is Advanced Streaming Format (ASF). A security vulnerability occurs in Windows Media Player 6.4 because the code that processes ASF files contains an unchecked buffer. By creating a specially malformed ASF file and inducing a user to play it, an attacker could overrun the buffer, with either of two results: in the simplest case, Windows Media Player 6.4 would fail; in the more complex case, code chosen by the attacker could be made to run on the user�???�??�?�¢??s computer, with the privileges of the user. The scope of this vulnerability is rather limited. It affects only Windows Media Player 6.4, and can only be exploited by the user opening and deliberately playing an ASF file. There is no capability to exploit this vulnerability via email or a web page. However, the patch eliminates additional vulnerabilities. Specifically, it eliminates all known vulnerabilities affecting Windows Media Player 6.4 �???�??�?�¢?? discussed in Microsoft Security Bulletins MS00-090, MS01-029, and MS01-042 �???�??�?�¢?? as well as some additional variants of these vulnerabilities that were discovered internally by Microsoft. Some of these vulnerabilities could be exploited via email or a web page. In addition, some affect components of Windows Media Player 6.4 that, for purposes of backward compatibility, ship with Windows Media Player 7, and 7.1. We therefore recommend that customers running any of these versions of Windows Media Player apply the patch to ensure that they are fully protected against all known vulnerabilities. Windows Media Player for Windows XP includes components of Windows Media Player 6.4, but they are not affected by the ASF buffer overrun or by any of the other vulnerabilities discussed in the security bulletins listed above. However, the version 6.4 components that ship with Windows Media Player for Windows XP are affected by some of the newly discovered variants of these vulnerabilities. Rather than installing this patch, however, we recommend that customers install the 25 October 2001 Critical Update for Windows XP.
File Size780.07 kB
Operating System Windows Windows NT Windows 98 Windows XP Windows 95 Windows 2000
System Requirements<li>Windows NT 4 SP 6</li><li>Windows 2003 SP 1</li><li>Windows XP AMD 64-bit</li><li>Windows XP 64-bit SP 1</li><li>Windows NT 4 SP 2</li><li>Windows 2000 SP 1</li><li>Windows 2003 64-bit</li><li>Windows 2003 AMD 64-bit</li><li>Windows XP 64-bit SP 2</li><li>Windows NT 4 SP 3</li><li>Windows 2000 SP 2</li><li>Windows Server 2003 x64 R2</li><li>Windows 2000</li><li>Windows 2003 64-bit SP 1</li><li>Windows Vista AMD 64-bit</li><li>Windows XP Itanium 64-bit</li><li>Windows NT 4 SP 4</li><li>Windows 2000 SP 3</li><li>Windows NT 4</li><li>Windows XP 32-bit</li><li>Windows XP SP 1</li><li>Windows Server 2003 x86 R2</li><li>Windows ME</li><li>Windows 2003 Itanium 64-bit</li><li>Windows NT 4 SP 5</li><li>Windows 2000 SP 4</li><li>Windows Vista 32-bit</li><li>Windows XP 64-bit</li><li>Windows NT 4 SP 1</li><li>Windows Server 2008 x64</li><li>Windows NT 3</li><li>Windows Server 2008 x86</li><li>Windows XP</li><li>Windows Server 2008</li><li>Windows 2003</li><li>Windows Vista Itanium 64-bit</li><li>Windows XP Itanium 64-bit SP 1</li><li>Windows 2003 32-bit</li><li>Windows XP Itanium 64-bit SP 2</li><li>Windows XP SP 2</li><li>Windows 95</li><li>Windows 98</li><li>Windows Vista</li><li>Windows NT</li><li>Windows 2003 Itanium 64-bit SP 1</li><li>Windows XP Pro</li>