Security 10816 Published by

One of the streaming media formats supported by Windows Media Player is Advanced Streaming Format (ASF). A security vulnerability occurs in Windows Media Player 6.4 because the code that processes ASF files contains an unchecked buffer.

By creating a specially malformed ASF file and inducing a user to play it, an attacker could overrun the buffer, with either of two results: in the simplest case, Windows Media Player 6.4 would fail; in the more complex case, code chosen by the attacker could be made to run on the user's computer, with the privileges of the user. The scope of this vulnerability is rather limited. It affects only Windows Media Player 6.4, and can only be exploited by the user opening and deliberately playing an ASF file. There is no capability to exploit this vulnerability via email or a web page.

Read more