Friday, December 08, 2006 9:16 AM
cmosby
Welcome to the Microsoft Security Response Center Blog! : Public Proof of Concept Code for ASX File Format Isssue
Public Proof of Concept Code for ASX File Format Isssue
Hey everyone this is Alexandra-
I wanted to let you know that we’re aware of proof-of-concept code published publicly affecting Windows Media ASX file format. We are currently investigating this report. We are not currently aware of attempts to exploit this vulnerability.
The ASX file format is an XML-based media file format which is processed by Windows Media Player. An attacker could construct a malformed ASX file and use it to cause Media Player to overrun a heap-allocated buffer, potentially leading to remote code execution.
We are also investigating other attack vectors to reach the same vulnerable code.
As part of our investigation, we are working with our MSRA partners to monitor and secure the ecosystem.
Thanks,
Alexandra
*This posting is provided "AS IS" with no warranties, and confers no rights.*
Welcome to the Microsoft Security Response Center Blog! : Public Proof of Concept Code for ASX File Format Isssue.
Filed under: Security and Anti-Virus, Patch Management, Microsoft Windows