Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

   


   


   

















      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [SA28034] Windows Media Format Runtime ASF Parsing Vulnerability



> ----------------------------------------------------------------------
>
> TITLE:
> Windows Media Format Runtime ASF Parsing Vulnerability
>
> SECUNIA ADVISORY ID:
> SA28034
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/28034/
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> System access
>
> WHERE:
> From remote
>
> OPERATING SYSTEM:
> Microsoft Windows XP Professional
> http://secunia.com/product/22/
> Microsoft Windows XP Home Edition
> http://secunia.com/product/16/
> Microsoft Windows Vista
> http://secunia.com/product/13223/
> Microsoft Windows Storage Server 2003
> http://secunia.com/product/12399/
> Microsoft Windows Server 2003 Web Edition
> http://secunia.com/product/1176/
> Microsoft Windows Server 2003 Standard Edition
> http://secunia.com/product/1173/
> Microsoft Windows Server 2003 Enterprise Edition
> http://secunia.com/product/1174/
> Microsoft Windows Server 2003 Datacenter Edition
> http://secunia.com/product/1175/
> Microsoft Windows 2000 Server
> http://secunia.com/product/20/
> Microsoft Windows 2000 Professional
> http://secunia.com/product/1/
> Microsoft Windows 2000 Datacenter Server
> http://secunia.com/product/1177/
> Microsoft Windows 2000 Advanced Server
> http://secunia.com/product/21/
>
> SOFTWARE:
> Microsoft Windows Media Format Runtime 9.x
> http://secunia.com/product/16898/
> Microsoft Windows Media Format Runtime 7.x
> http://secunia.com/product/16897/
> Microsoft Windows Media Format Runtime 11.x
> http://secunia.com/product/16899/
> Microsoft Windows Media Services 9.x
> http://secunia.com/product/16900/
>
> DESCRIPTION:
> A vulnerability has been reported in Windows Media Format Runtime /
> Windows Media Services, which can be exploited by malicious people to
> compromise a user's system.
>
> The vulnerability is caused due to an error when parsing ASF
> (Advanced Systems Format) files and can be exploited when a user
> views a specially crafted ASF file in an application using the
> component (e.g. Windows Media Player).
>
> Successful exploitation may allow execution of arbitrary code.
>
> SOLUTION:
> Apply patches.
>
> Windows 2000 SP4 with Windows Media Format Runtime 7.1:
> http://www.microsoft.com/downloads/details.aspx?FamilyID=eecdf
> 2ce-9aa7-4f0c-b62b-2fa7a32f369e
>
> Windows 2000 SP4 with Windows Media Format Runtime 9:
> http://www.microsoft.com/downloads/details.aspx?FamilyID=eecdf
> 2ce-9aa7-4f0c-b62b-2fa7a32f369e
>
> Windows XP SP2 with Windows Media Format Runtime 9:
> http://www.microsoft.com/downloads/details.aspx?FamilyID=bece7
> 02a-6e61-433e-8275-20f4e84f2c92
>
> Windows XP SP2 with Windows Media Format Runtime 9.5:
> http://www.microsoft.com/downloads/details.aspx?FamilyID=bece7
> 02a-6e61-433e-8275-20f4e84f2c92
>
> Windows XP Professional x64 Edition (optionally with SP2) with
> Windows Media Format Runtime 9.5:
> http://www.microsoft.com/downloads/details.aspx?FamilyID=81f20
> b45-dfc7-4ddf-a4b4-6c0e9476ed51
>
> Windows Server 2003 SP1/SP2 with Windows Media Format Runtime 9.5:
> http://www.microsoft.com/downloads/details.aspx?FamilyID=8fea7
> da8-a7f3-4786-97c2-fb5ea7018159
>
> Windows Server 2003 x64 Edition (optionally with SP2) with Windows
> Media Format Runtime 9.5:
> http://www.microsoft.com/downloads/details.aspx?FamilyID=ffc69
> c76-02f1-4b15-8ec1-dab8c7e33bd4
>
> Windows XP Professional x64 Edition (optionally with SP2) with
> Windows Media Format Runtime 9.5 x64 Edition:
> http://www.microsoft.com/downloads/details.aspx?FamilyID=72d2c
> a0e-da81-45ee-9321-4970b80f4a5a
>
> Windows Server 2003 x64 Edition (optionally with SP2) with Windows
> Media Format Runtime 9.5 x64 Edition:
> http://www.microsoft.com/downloads/details.aspx?FamilyID=ffc69
> c76-02f1-4b15-8ec1-dab8c7e33bd4
>
> Windows XP SP2 with Windows Media Format Runtime 11:
> http://www.microsoft.com/downloads/details.aspx?FamilyID=bece7
> 02a-6e61-433e-8275-20f4e84f2c92
>
> Windows XP Professional x64 Edition (optionally with SP2) with
> Windows Media Format Runtime 11:
> http://www.microsoft.com/downloads/details.aspx?FamilyID=1037b
> 224-ac89-4efd-b189-6f3da77a88e6
>
> Windows Vista with Windows Media Format Runtime 11:
> http://www.microsoft.com/downloads/details.aspx?FamilyID=9a98e
> f96-bc2e-42b7-9a24-c82c8fb379db
>
> Windows Vista x64 Edition with Windows Media Format Runtime 11:
> http://www.microsoft.com/downloads/details.aspx?FamilyID=3ce02
> c95-d695-4f14-9fb3-30c83a9cfb9c
>
> Windows Server 2003 SP1/SP2 with Windows Media Services 9.1:
> http://www.microsoft.com/downloads/details.aspx?FamilyID=09671
> 1d4-ce01-45d0-9c2d-ebfa5c671b9f
>
> Windows Server 2003 x64 Edition (optionally with SP2) with Windows
> Media Services 9.1 x64 Edition:
> http://www.microsoft.com/downloads/details.aspx?FamilyID=23c23
> 800-5aaa-455b-96bf-4ead4dfdd95d
>
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits Ryan Smith, ISS X-Force.
>
> ORIGINAL ADVISORY:
> MS07-068 (KB941569 / KB944275):
> http://www.microsoft.com/technet/security/Bulletin/MS07-068.mspx
>



 




Copyright © Lexa Software, 1996-2009.