Microsoft investigating Windows Media Player flaws

Share this article:

Microsoft this week warned Windows Media Player users that a flaw in the program is susceptible to proof-of-concept malicious code.

Redmond is investigating reports of PoC code using Windows Media ASX files, although the company is not aware of any attacks.

A malicious user could employ a corrupted file to cause Media Player to overrun a heap-allocated bugger, potentially leading to remote code execution, according to a post on the Microsoft Security Response Center blog by researcher Alexandra Huft.

An attacker could use the flaw to cause a DoS attack or compromise a user's system, according to a Secunia report.

The flaw is caused by a boundary error when handling "REF HREF" tags in ASX playlists. It has been reported in version 10.00.00.4036.

Earlier this week, Microsoft revealed that it will release six security fixes on Tuesday as part of its monthly patch distribution.

The software giant did not say it would release a Patch Tuesday fix for a recently discovered flaw in Microsoft Word, despite active attacks against the vulnerability in the wild.

Click here to email Frank Washkuch Jr.
Share this article:

Sign up to our newsletters

More in News

POS malware risks millions of payment cards for Michaels, Aaron Brothers shoppers

POS malware risks millions of payment cards for ...

An investigation dating back to January has finally confirmed that malware on point-of-sale systems may have compromised payment card data for millions of Michaels Stores and Aaron Brothers customers.

Phishing scam targets Michigan public schools

Unknown attackers used the finance director's email account to request wire transfers from the school district's accounting department.

Contempt order against Lavabit still stands, appeals court rules

Contempt order against Lavabit still stands, appeals court ...

A federal appeals court backed an earlier ruling penalizing the email service.