Critical Microsoft Windows Media Player RTSP Vulnerability
( Microsoft Security Bulletin MS10-075, CVE-2010-3225 )
Summary
A critical remote code execution vulnerability has been reported in Microsoft Windows Media Player network sharing service. An attacker may exploit this flaw and execute arbitrary code on a targeted machine.
Details
Windows Media Player (WMP) is a digital media player and media library management application developed by Microsoft. WMP's Network Sharing Service utilizes the Network Service account that is built into Microsoft Windows. Although this account has fewer access privileges on the system that it is running on than a standard user account, it is still able to interact throughout the network with the credentials of that system.
The vulnerability is due to the way Microsoft Windows Media Network Sharing Service processes Real Time Streaming Protocol (RTSP) packets. A remote attacker could exploit this vulnerability by creating a specially crafted RTSP packet and sending it to an affected system, potentially giving the attacker complete control of that system.
Products Affected
Windows Media Player 11 on:
- Windows Vista SP1
- Windows Vista SP2
- Windows Vista x64 Edition SP1
- Windows Vista x64 Edition SP2
Windows Media Player 12 on:
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
Solution
Check Point IPS Software Blade and NGX SmartDefense provide immediate network protection in the latest IPS update by detecting and blocking overly large requests made to the vulnerable service. For more information, see CPAI-2010-289.
Originally Published:
Last Updated: 15-Oct-2010