Microsoft Windows Media Runtime Multiple Vulnerabilities( 14 October 2009 )
RISK: Medium Risk
1. Windows Media Runtime Voice Sample Rate Vulnerability
A remote code execution vulnerability exists in Windows Media Player due to the improper processing of specially crafted Advanced Systems Format (ASF) files. An attacker could exploit the vulnerability by constructing a specially crafted audio file that could allow remote code execution when played using an affected version of Windows Media Player. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
2. Windows Media Runtime Heap Corruption Vulnerability
A remote code execution vulnerability exists in the way that Microsoft Windows Media Runtime handles certain functions in compressed audio files. This vulnerability could allow remote code execution if a user opened a specially crafted file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Impact
- Remote Code Execution
System / Technologies affected
- Microsoft Windows 2000
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- DirectShow WMA Voice Codec
- Windows Media Audio Voice Decoder
- Audio Compression Manager
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Download locations for this patch
- Microsoft Windows 2000 Service Pack 4
- DirectShow WMA Voice Codec (KB969878)
- Windows Media Audio Voice Decoder (KB954155)
- Audio Compression Manager (KB975025) - Windows XP Service Pack 2
- DirectShow WMA Voice Codec (KB969878)
- Windows Media Audio Voice Decoder (KB954155)
- Audio Compression Manager (KB975025) - Windows XP Service Pack 3
- DirectShow WMA Voice Codec (KB969878)
- Windows Media Audio Voice Decoder (KB954155)
- Audio Compression Manager (KB975025) - Windows XP Professional x64 Edition Service Pack 2
- DirectShow WMA Voice Codec (KB969878)
- Windows Media Audio Voice Decoder (KB954155)
- Windows Media Audio Voice Decoder in Windows Media Format SDK 9.5 x64 Edition (KB954155)
- Windows Media Audio Voice Decoder in Windows Media Format SDK 11 (KB954155)
- Audio Compression Manager (KB975025) - Windows Server 2003 Service Pack 2
- DirectShow WMA Voice Codec(KB969878)
- Windows Media Audio Voice Decoder (KB954155)
- Audio Compression Manager (KB975025) - Windows Server 2003 x64 Edition Service Pack 2
- DirectShow WMA Voice Codec (KB969878)
- Windows Media Audio Voice Decoder (KB954155)
- Windows Media Audio Voice Decoder in Windows Media Format SDK 9.5 x64 Edition (KB954155)
- Audio Compression Manager (KB975025) - Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
- Windows Media Audio Voice Decoder (KB954155) - Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
- Windows Media Audio Voice Decoder (KB954155) - Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Media Audio Voice Decoder (KB954155) - Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Media Audio Voice Decoder (KB954155)
Vulnerability Identifier
Source
Related Link
Share with