Microsoft Windows Media Player ASX playlist buffer overflow (ASX_WindowsMedia_Playlist_Overflow)

About this signature or vulnerability

RealSecure Network, RealSecure Server Sensor, BlackICE Server Protection, BlackICE PC Protection, Proventia Network MFS, IBM Security Server Protection for Windows, Proventia-G 1.1 and earlier, Proventia Network IDS, Proventia Network IPS, Proventia Desktop, Proventia Server IPS for Linux technology, RealSecure Desktop, Virtual Server Protection for VMware:

This signature detects a malformed or excessively long URI in an .asx file that could cause a buffer overflow in Windows Media Player.


Default risk level

High

Sensors that have this signature

RealSecure Network: XPU 24.52, RealSecure Server Sensor: XPU 24.52, BlackICE Server Protection: 3.6.cpx, BlackICE PC Protection: 3.6cpx, Proventia Network MFS: XPU 1.91, IBM Security Server Protection for Windows: 1.0.914.1920, IBM Security Server Protection for Windows: 2.1.14.2400, Proventia-G 1.1 and earlier: XPU 24.52, Proventia Network IDS: XPU 24.52, Proventia Network IPS: XPU 1.91, Proventia Desktop: 1920, Proventia Server IPS for Linux technology: 1.91, RealSecure Desktop: epx, Virtual Server Protection for VMware: 1.0

Systems affected

Microsoft Windows Media Format Runtime: 9.5 x64, Microsoft Windows Media Format Runtime: 7.1, Microsoft Windows Media Format Runtime: 9, Microsoft Windows Media Format Runtime: 9.5

Type

Unauthorized Access Attempt

Vulnerability description

Windows Media Player is vulnerable to a heap-based buffer overflow in the WMVCORE.DLL library, caused by improper bounds checking of "REF HREF" URLs in Advanced Stream Redirector (.ASX) files. By creating a malformed ASX file and persuading a victim to open the file, a remote attacker could overflow a buffer and cause the application to crash or execute arbitrary code on the system with the privileges of the victim. An attacker could exploit this vulnerability by hosting the malicious file on a Web site or sending it as an email attachment.
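The check below is an added example, not the signature's actual logic and not vendor code. It shows how a mail or web gateway could screen .asx playlists for the condition described above: a "REF HREF" URI that is malformed or excessively long. The function name, the 1024-character limit and the sample playlist are assumptions constructed for illustration; the page does not state the threshold the signature uses.

```python
import re

# Assumed limit; the page does not state the length the signature uses.
MAX_HREF_LEN = 1024

# ASX is case-insensitive and often not well-formed XML, so use tolerant
# regexes rather than a strict XML parser that would reject real playlists.
REF_OPEN = re.compile(r"<\s*ref\b", re.IGNORECASE)
HREF_ATTR = re.compile(
    r"""\bhref\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]*))""", re.IGNORECASE
)


def scan_asx(text, max_len=MAX_HREF_LEN):
    """Return (line, href_length, reason) for each suspicious REF HREF."""
    findings = []
    for ref in REF_OPEN.finditer(text):
        # Treat everything up to the next '<' (or end of file) as this
        # REF element's attributes; URIs do not legitimately contain '<'.
        end = text.find("<", ref.end())
        attrs = text[ref.end(): end if end != -1 else len(text)]
        line = text.count("\n", 0, ref.start()) + 1
        href = HREF_ATTR.search(attrs)
        if href is None:
            continue
        dq, sq, bare = href.groups()
        value = dq if dq is not None else sq if sq is not None else bare
        if bare is not None and bare[:1] in ("'", '"'):
            # Opening quote with no closing quote inside the element.
            findings.append((line, len(value), "unterminated quote in HREF"))
        elif len(value) > max_len:
            findings.append((line, len(value), "HREF exceeds length limit"))
    return findings


# Constructed sample playlist: one normal entry, one overlong URI,
# one entry whose HREF quote is never closed.
SAMPLE = (
    '<ASX version="3.0">\n'
    '  <ENTRY><REF HREF="http://media.example/clip.wmv"/></ENTRY>\n'
    '  <ENTRY><ref href="mms://' + "A" * 4000 + '"/></ENTRY>\n'
    '  <ENTRY><REF HREF="http://media.example/unclosed /></ENTRY>\n'
    '</ASX>\n'
)

if __name__ == "__main__":
    for line, length, reason in scan_asx(SAMPLE):
        print(f"line {line}: {reason} (length {length})")
```

A screening check of this kind complements the patch listed under References; it does not replace it.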

How to remove this vulnerability

Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.

— OR —

Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.

References

BugTraq Mailing List, Wed Nov 22 2006 - 03:08:04 CST
Windows Media ASX PlayList File Denial Of Service Vulnerability
http://archives.neohapsis.com/archives/bugtraq/2006-11/0451.html

EEYEZD-20061122
ASX Playlist
http://research.eeye.com/html/alerts/zeroday/20061122.html

IBM Internet Security Systems Protection Alert, Dec. 6, 2006
Windows Media Player ASX playlist buffer overflow
http://www.iss.net/threats/241.html

Microsoft Security Bulletin MS06-078
Vulnerability in Windows Media Player Could Allow Remote Code Execution (923689)
http://www.microsoft.com/technet/security/bulletin/ms06-078.mspx

Microsoft Security Bulletin MS07-068
Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275)
http://www.microsoft.com/technet/security/Bulletin/MS07-068.mspx

ISS X-Force
Microsoft Windows Media Player ASX playlist buffer overflow
http://www.iss.net/security_center/static/30586.php

CVE
CVE-2006-6134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6134