|Check Point Reference:||CPAI-2006-079|
|Date Published:||5 Jul 2006|
|Last Updated:||15 May 2007|
|Source:||Microsoft Security Bulletin MS06-024|
|Protection Provided by:|
|Who is Vulnerable?|| Windows Media Player for XP on Microsoft Windows XP SP1|
Windows Media Player 9 on Microsoft Windows XP SP2
Windows Media Player 10 on Microsoft Windows XP Professional x64 Edition
Windows Media Player 9 on Microsoft Windows Server 2003
Windows Media Player 10 on Microsoft Windows Server 2003 SP1
Windows Media Player 10 on Microsoft Windows Server 2003 x64 Edition
|Vulnerability Description||Windows Media Player is a feature of the Windows operating system for personal computers. It is used for playing audio and video. Portable Network Graphics (PNG) is an image format used as an alternative to other image formats such as GIF and TIFF. Windows Media Player does not correctly handle the processing of PNG images. An attacker could exploit this by constructing specially crafted Windows Media Player content that could allow remote code execution if a user visits a malicious Web site or clicks on a specially crafted WMZ file in an email message.
The protection outlined in this advisory is an enhancement to the SmartDefense Malformed PNG protection published on June 22, 2005 in response to Microsoft Security Bulletin MS05-025.
|Update/Patch Available||Apply patches:|
Microsoft Security Bulletin MS06-024
|Vulnerability Details||An error in the handling of PNG image file chunks by Windows Media Player could allow attackers to execute arbitrary code. Windows Media Player uses a fixed-size buffer in a function used when processing certain chunk types. No validation is performed on the length of the chunks. This may lead to a buffer overflow when WMP interprets a PNG file with an excessive chunk size.|
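
The length validation that the vulnerability details describe as missing, shown as an added C example; it is not code from Microsoft, Check Point or the bulletin. The function name `png_copy_chunk`, the 16-byte `CHUNK_BUF_SIZE`, the status codes and the three sample byte arrays are assumptions constructed for illustration, and chunk CRCs are not verified.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CHUNK_BUF_SIZE 16 /* assumed size; the advisory does not state the real one */
enum { PNG_OK = 0, PNG_BAD_SIG = -1, PNG_TRUNCATED = -2, PNG_TOO_BIG = -3, PNG_NOT_FOUND = -4 };
static const uint8_t PNG_SIG[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};

/* Constructed sample: signature plus one tEXt chunk with 4 data bytes (CRC zeroed). */
static const uint8_t SAMPLE_OK[] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n',
    0, 0, 0, 4, 't', 'E', 'X', 't', 'a', 'b', 'c', 'd', 0, 0, 0, 0};
/* Constructed sample: 20 data bytes, all present, but more than CHUNK_BUF_SIZE. */
static const uint8_t SAMPLE_BIG[] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n',
    0, 0, 0, 20, 't', 'E', 'X', 't', 1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
    11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 0, 0, 0, 0};
/* Constructed sample: length field claims 0x1000 bytes, only 4 follow. */
static const uint8_t SAMPLE_LIE[] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n',
    0, 0, 0x10, 0, 't', 'E', 'X', 't', 'a', 'b', 'c', 'd', 0, 0, 0, 0};

static uint32_t be32(const uint8_t *p) { /* chunk lengths are big-endian */
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Copy the data of the first chunk of `type` into a fixed buffer, checking the
   declared length against both the input and the destination before copying. */
int png_copy_chunk(const uint8_t *png, size_t len, const char *type,
                   uint8_t out[CHUNK_BUF_SIZE], size_t *out_len) {
    if (len < 8 || memcmp(png, PNG_SIG, 8) != 0) return PNG_BAD_SIG;
    size_t pos = 8;
    while (len - pos >= 12) { /* length + type + CRC = 12 bytes of framing */
        uint32_t dlen = be32(png + pos);
        if (dlen > len - pos - 12) return PNG_TRUNCATED; /* length exceeds input */
        if (memcmp(png + pos + 4, type, 4) == 0) {
            if (dlen > CHUNK_BUF_SIZE) return PNG_TOO_BIG; /* would overflow out[] */
            memcpy(out, png + pos + 8, dlen);
            *out_len = dlen;
            return PNG_OK;
        }
        pos += 12 + (size_t)dlen; /* cannot pass len: dlen was bounded above */
    }
    return pos == len ? PNG_NOT_FOUND : PNG_TRUNCATED;
}

int main(void) {
    uint8_t out[CHUNK_BUF_SIZE]; size_t n = 0;
    printf("%d %d %d\n", png_copy_chunk(SAMPLE_OK, sizeof SAMPLE_OK, "tEXt", out, &n),
           png_copy_chunk(SAMPLE_BIG, sizeof SAMPLE_BIG, "tEXt", out, &n),
           png_copy_chunk(SAMPLE_LIE, sizeof SAMPLE_LIE, "tEXt", out, &n));
    return 0;
}
```

Removing the `PNG_TOO_BIG` check reproduces the class of defect described above: the `memcpy` would then trust the attacker-supplied length field when writing into the fixed-size buffer.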