Microsoft Windows Media Player PNG File Overflow

2005-02-08T00:00:00
ID OSVDB:13597
Type osvdb
Reporter OSVDB
Modified 2005-02-08T00:00:00

Description

Vulnerability Description

A remote overflow exists in Windows Media Player. The program fails to validate PNG files with excessive height and width values resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Short Description

A remote overflow exists in Windows Media Player. The program fails to validate PNG files with excessive height and width values resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Security Tracker: 1013115 Secunia Advisory ID:14174 Microsoft Security Bulletin: MS05-009 Microsoft Knowledge Base Article: 890261 ISS X-Force ID: 19252 CVE-2004-1244