----------------------------------------------------------------------

We have updated our website, enjoy!
http://secunia.com/

----------------------------------------------------------------------

TITLE:
Windows Media Player Sampling Rate Vulnerability

SECUNIA ADVISORY ID:
SA31726

VERIFY ADVISORY:
http://secunia.com/advisories/31726/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
>From remote

SOFTWARE:
Microsoft Windows Media Player 11.x
http://secunia.com/product/11280/

DESCRIPTION:
A vulnerability has been reported in Windows Media Player, which can
be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error when handling sampling
rates. This can be exploited via a specially crafted audio file
streamed from a server-side playlist (SSPL).

Successful exploitation may allow execution of arbitrary code.

SOLUTION:
Apply patches.

Windows XP SP2/SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=d5891180-5dd1-49ec-bcc6-3030a544202c

Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=caf8a45e-a9f8-4e91-98fd-87eddbeae64c

Windows Vista (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=2f4118fd-1ffb-46da-b922-cd4ca4f9d84e

Windows Vista x64 Edition (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=334352e7-d41f-494f-866d-f1f1745ffd17

Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=72fc6028-6af4-44ec-8d2a-28c53807d6bc

Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=3906512b-26db-473e-b522-3883ff34a21c

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
MS08-054 (KB954154):
http://www.microsoft.com/technet/security/Bulletin/MS08-054.mspx

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------