New Updates Released For Windows Media Player

News

Contributed by: Lauren Gerber
Date: August 12, 2009

	-1 Vote 0	New Updates Released For Windows Media Player

Microsoft Windows Media Player supports a variety of file formats which makes it easy and simple to use. Due to the factor that it supports different file formats, it is the media player of choice for many people. One of the popular file formats which is very popular for playing in Windows Media Player is the AVI format. AVI file formats support both multiple streaming audio as well as video. I am here to break the news that two vulnerabilities have recently been confirmed in the AVI media files. Yes that is correct, 'Microsoft Windows AVI media file parsing' vulnerabilities have emerged.

These vulnerabilities allow for illegitimate remote code execution, when a victim opens a manipulated AVI file. An alarming aspect to consider is that, if a victim happens to be logged on with administrative privileges, a malicious online attacker could take full advantage of the vulnerabilities and take complete control of the victims system. Once an attacker is able to take control of a system, the sky is the limit. The attacker will then be able to change, create, delete as well as gain confidential information from the users' account, with full user rights.

A security update has been released for these vulnerabilities, it adequately corrects the way in which the AVI headers are processed and the way in which AVI data is validated. If you have automatic updating enabled on your machine this security update will be installed and updated automatically. If you don't have automatic updating enabled, then it is vital that you check for updates and manually install the relevant updates yourself.

Some versions of Windows that this vulnerability affects:

Microsoft Windows 2000

Windows XP

Windows Server 2003

Windows Vista

Windows Server 2008

Microsoft Windows XP Home Edition

Microsoft Windows XP Professional

Table 1. Affected versions of Windows

These vulnerabilities have been rated as highly critical and the impact of unauthorized remote system access is not something you want to play with. Some of the files of Windows Media Player include: wmp10_wmpband.dll, wmp10_wmplayer.exe as well as wmp10_wmploc.dll. These vulnerabilities affect various Windows software versions with the inclusion of Microsoft Windows server 2003. Some of the files of Microsoft Windows server 2003 include: a302.sys, a310.sys, CORPerfMonExt.dll and CustomMarshalers.dll. It is imperative that you take note of the patches and apply them where applicable in order to enjoy a safe and secure Windows Media Player entertainment session.

Resources:
Microsoft Help and Support AVI.
Wikipedia on AvI.
The original advisory.

User Comments

Featured Videos

Modify hosts file

From: PC1News Videos

Added: June 13, 2009

Software Downloads

SpyHunter V.3

Free Spyhunter Scanner (Spyware/Trojan Detection). DETECT Spyware, Trojans, Worms, Viruses and malware on your PC absolutely FREE.

Download now

Registry Mechanic 8

Award Winning software, Fixes registry and improves computer performance. Created by a division of Symantec, this tool will scan your registry and find errors that can be later cleaned either individually or all together.

Download now

SpywareBlaster 4.1

The tool is used to prevent the installation of spyware and other potentially unwanted software. As soon as you download it, you will be able to protect your system.

Download now