ISS X-Force Database: win-mediaplayer-skin-header-code-execution(35895): Microsoft Windows Media Player skin decompression code execution

Microsoft Windows Media Player skin decompression code execution

win-mediaplayer-skin-header-code-execution (35895)

High Risk

Description:

Microsoft Windows Media Player could allow a remote attacker to execute arbitrary code on the system, caused by improper parsing of compressed skin file (WMZ and WMD) headers. By creating a skin file containing a malformed header and persuading a victim to open the file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim. An attacker could exploit this vulnerability by hosting the malicious file on a Web site or sending the file as an email attachment.

Platforms Affected:

Microsoft, Windows Vista x64
Microsoft, Windows 2000 SP4
Microsoft, Windows 2003 Server SP2 x64
Microsoft, Windows 2003 Server SP2
Microsoft, Windows 2003 Server SP1
Microsoft, Windows 2003 Server x64
Microsoft, Windows Media Player 10
Microsoft, Windows Media Player 11
Microsoft, Windows Media Player 7.1
Microsoft, Windows Media Player 9
Microsoft, Windows Vista
Microsoft, Windows XP SP2
Microsoft, Windows XP SP2 Professional x64
Microsoft, Windows XP Professional x64

Remedy:

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS07-047. See References.

Consequences:

Gain Access

References:

HPSBST02255 SSRT071456 rev.1, Storage Management Appliance (SMA), Microsoft Patch Applicability MS07-042 to MS07-050 at http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01143196&jumpid=reg_R1002_USEN.
Microsoft Security Bulletin MS07-047, Vulnerabilities in Windows Media Player Could Allow Remote Code Execution (936782) at http://www.microsoft.com/technet/security/Bulletin/MS07-047.mspx.
ZDI-07-047, Microsoft Windows Media Player Malformed Skin Header Code Execution Vulnerability at http://www.zerodayinitiative.com/advisories/ZDI-07-047.html.
ASA-2007-358: MS07-047 Vulnerability in Windows Media Player Could Allow Remote Code Execution (936782)
BID-25305: Microsoft Windows Media Player Remote Skin Header Code Execution Vulnerability
BID-25307: Microsoft Windows Media Player Remote Skin Decompression Code Execution Vulnerability
CVE-2007-3035: Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that is not properly handled during decompression, aka Windows Media Player Code Execution Vulnerability Decompressing Skins.
SA26433: Windows Media Player Skin Handling Code Execution Vulnerabilities
SECTRACK ID: 1018565: Windows Media Player Skin File Header Processing Bugs Let Remote Users Execute Arbitrary Code
VUPEN/ADV-2007-2871: Microsoft Windows Media Player Remote Code Execution Issues (MS07-047)

Reported:

Aug 14, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page