Microsoft Disputes Claim of Windows Media Player Vulnerability
Microsoft says reports of a remote code execution vulnerability in Windows Media Player are false. Rumors of the flaw surfaced last week on the Web.Microsoft is denouncing a security researcher's claim of a remote code execution flaw affecting Windows Media Player. Reports of the vulnerability surfaced last week on the SecurityTracker vulnerability notification service. According to the initial report, a bug in Windows Media Player could be exploited remotely via a specially crafted SND, MIDI or WAV file to trigger an integer overflow. In that situation, the researcher alleged, a hacker could execute arbitrary code.
A subsequent posting on the SANS Internet Storm Center Web site over the weekend stated a reader had tested proof-of-concept code on a fully patched Windows XP Service Pack 3 system and caused Windows Media Player 9 and 11 to crash.