Reported February 8, 2005 by Microsoft

VERSIONS AFFECTED


  • Windows Media Player 9

  • Windows Messenger 5.0, 6.1, and 6.2

DESCRIPTION

Vulnerabilities exist because of the way the affected software handles PNG files. A remote intruder could use malicious Web content that contains corrupt or malformed PNG files to execute codeon the affected system. A successful exploit could allow the intruder to take complete control of the system.

VENDOR RESPONSE

Microsoft has released Security Bulletin MS05-009, "Vulnerability in PNG Processing Could Allow Remote Code Execution (890261)," and a patch to correct the problem.

CREDIT
Carlos Sarraute of Core Security Technologies