[Microsoft Alert] Microsoft Security Bulletin MS06-005

Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565)

Issued: February 14, 2006

Version: 1.0

 

Summary

Who should read this document: Customers who use Microsoft Windows Media Player

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should apply the update immediately.

Security Update Replacement: This bulletin replaces a prior security update. See the frequently asked questions (FAQ) section of this bulletin for the complete list.

 

Vulnerability Details:

A remote code execution vulnerability exists in Windows Media Player because of the way that it handles processing bitmap files. An attacker could exploit the vulnerability by constructing a malicious bitmap file (.bmp) that could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, significant user interaction is required to exploit this vulnerability.

 

Affected Software:

Microsoft Windows Media Player 7.1 when installed on Windows 2000 Service Pack 4

 

Microsoft Windows Media Player 9 when installed on Windows 2000 Service Pack 4 or Windows XP Service Pack 1

 

Microsoft Windows Media Player 10 when installed on Windows XP Service Pack 1 or Windows XP Service Pack 2

 

 

 

References: http://www.microsoft.com/security/bulletins/current.mspx (Microsoft Security Updates)<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />

---