[Microsoft Alert] Microsoft Security Bulletin MS06-024

Vulnerability in Windows Media Player Could Allow Remote Code Execution (917734)

Issued: June 13, 2006

Version: 1.0

 

Summary

Who should read this document: Customers who use Microsoft Windows

 

Impact of Vulnerability: Remote Code Execution

 

Maximum Severity Rating: Critical

 

Recommendation: Customers should apply the update immediately

 

Security Update Replacement: This bulletin replaces a prior security update. See the frequently asked questions (FAQ) section of this bulletin for the complete list.

 

 

Vulnerability Details:

A remote code execution vulnerability exists in Windows Media Player due to the way it handles the processing of PNG images. An attacker could exploit the vulnerability by constructing specially crafted Windows Media Player content that could potentially allow remote code execution if a user visits a malicious Web site or opens an email message with malicious content. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

 

Affected Software:

Windows Media Player for XP on Microsoft Windows XP Service Pack 1

 

Windows Media Player 9 on Microsoft Windows XP Service Pack 2

 

Windows Media Player 10 on Microsoft Windows XP Professional x64 Edition

 

Windows Media Player 9 on Microsoft Windows Server 2003

 

Windows Media Player 10 on Microsoft Windows Server 2003 Service Pack 1

 

Windows Media Player 10 on Microsoft Windows Server 2003 x64 Edition

 

Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)

 

Non-Affected Software:

Windows Media Player 6.4 on all Microsoft Windows operating systems

 

Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

 

 

 

References: http://www.microsoft.com/security/bulletins/current.mspx (Microsoft Security Updates)

---