Secunia Security Advisory - A vulnerability has been reported in Windows Media Player, which can be exploited by malicious people to compromise a user's system.
2da453250b2e9eb303a7ebee52648d7d9d07f054171128044550945e234f4c2b
----------------------------------------------------------------------
We have updated our website, enjoy!
http://secunia.com/
----------------------------------------------------------------------
TITLE:
Windows Media Player Sampling Rate Vulnerability
SECUNIA ADVISORY ID:
SA31726
VERIFY ADVISORY:
http://secunia.com/advisories/31726/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Microsoft Windows Media Player 11.x
http://secunia.com/product/11280/
DESCRIPTION:
A vulnerability has been reported in Windows Media Player, which can
be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error when handling sampling
rates. This can be exploited via a specially crafted audio file
streamed from a server-side playlist (SSPL).
Successful exploitation may allow execution of arbitrary code.
SOLUTION:
Apply patches.
Windows XP SP2/SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=d5891180-5dd1-49ec-bcc6-3030a544202c
Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=caf8a45e-a9f8-4e91-98fd-87eddbeae64c
Windows Vista (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=2f4118fd-1ffb-46da-b922-cd4ca4f9d84e
Windows Vista x64 Edition (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=334352e7-d41f-494f-866d-f1f1745ffd17
Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=72fc6028-6af4-44ec-8d2a-28c53807d6bc
Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=3906512b-26db-473e-b522-3883ff34a21c
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
MS08-054 (KB954154):
http://www.microsoft.com/technet/security/Bulletin/MS08-054.mspx
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------