Reported May 23, 2001, by Microsoft.

VERSIONS AFFECTED

  • Microsoft Windows Media Player 6.4 and 7.0 for Windows 2000, Windows NT, Windows Me, and Windows 9x

DESCRIPTION
An unchecked buffer vulnerability exists in how Windows Media Player processes Active Stream Redirector (.asx) files that can result in a buffer overflow. An attacker can use the vulnerability to run code on the vulnerable computer under the user's security context.

 

VENDOR RESPONSE

The vendor, Microsoft, has acknowledged this vulnerability and recommends that users of Windows Media Player 6.4 immediately apply the patch contained in Security Bulletin MS01-029. For users of version 7.0, Microsoft recommends an upgrade to version 7.1.

 

CREDIT
Discovered by Microsoft.