Microsoft Windows Media Player ASF File Arbitrary Code Execution

2003-07-23T00:00:00
ID OSVDB:3067
Type osvdb
Reporter OSVDB
Modified 2003-07-23T00:00:00

Description

Vulnerability Description

Microsoft Windows Media Player allows a remote attacker to execute code on a vulnerable system via malicious ASF files. The specially created file can be delivered via an IFRAME (email or web page) and would automatically be run by the victim. The flaw is due to the fact that WMP will execute untrusted content in the context of "Local Zone".

Technical Description

AKA "WMP local file bounce"

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch (828750) to address this vulnerability.

At this time, the patch will prevent Microsoft Internet Explorer from opening untrusted ASF files, but it does not address other delivery methods such as e-mail.

Short Description

Microsoft Windows Media Player allows a remote attacker to execute code on a vulnerable system via malicious ASF files. The specially created file can be delivered via an IFRAME (email or web page) and would automatically be run by the victim. The flaw is due to the fact that WMP will execute untrusted content in the context of "Local Zone".

References:

Microsoft Security Bulletin: MS03-040 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-07/0311.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-07/0298.html ISS X-Force ID: 12724 CVE-2003-0604 Bugtraq ID: 8263