Microsoft Windows Media Products Code Execution Vulnerabilities (10 December 2008)

Last Update Date: 28 Jan 2011 Release Date: 10 Dec 2008 5325 Views

RISK: Medium Risk

Medium Risk

1. SPN Vulnerability

A credential reflection vulnerability exists in the Windows Media components that could allow an attacker to execute code with the same rights as the local user or with Windows Media Services distribution credentials. The vulnerability exists due to weaknesses in Service Principal Name (SPN) implementations within Windows Media components.

2. ISATAP Vulnerability

An information disclosure vulnerability exists in supported versions of Windows Media components that could result in the disclosure of NTLM credentials. Any Windows Media component that accesses a URL that uses an ISATAP address could leak the user¡¦s NTLM credentials to the server that hosts the URL. This could allow an attacker who is external to the intranet zone to gather NTLM credentials for an enterprise environment.

Impact

  • Remote Code Execution

System / Technologies affected

  • Windows Media Player 6.4
  • Windows Media Format Runtime 7.1
  • Windows Media Format Runtime 9.0
  • Windows Media Format Runtime 9.5
  • Windows Media Format Runtime 11
  • Windows Media Services

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Download locations for this patch

Vulnerability Identifier

Source

Related Link

Share with

Previous

Microsoft Internet Explorer Code Execution Vulnerabilities (10 December 2008)

10 Dec 2008 5264 Views

Next

Microsoft Internet Explorer XML Parsing Code Execution Vulnerability

10 Dec 2008 5357 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY