Microsoft Windows Media Player ASF Heap Overflow Vulnerability (974112) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS09-052.

Impact

Successful exploitation could allow attackers to crash an affected player or execute arbitrary code on the affected application. Impact Level: Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://www.microsoft.com/technet/security/bulletin/ms09-052.mspx

Insight

A heap-based overflow error occurs while processing malformed ASF files, which can be exploited by tricking a user into opening a malformed ASF file or visiting a malicious web page.

Affected

Microsoft Windows Media Player 6.4 Microsoft Windows 2K Service Pack 4 and prior. Microsoft Windows XP Service Pack 3 and prior. Microsoft Windows 2K3 Service Pack 2 and prior.

References

http://support.microsoft.com/kb/974112
http://www.microsoft.com/technet/security/bulletin/MS09-052.mspx
http://www.vupen.com/english/advisories/2009/2888

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-2527

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Cumulative Patch for Internet Information Services (Q327696)
Microsoft Wireless LAN AutoConfig Service Remote Code Execution Vulnerability (970710)
Cumulative Security Update for Internet Explorer (928090)
Consent User Interface Privilege Escalation Vulnerability (2442962)
Microsoft Internet Explorer Multiple Code Execution Vulnerabilities (974455)

Take action and discover your vulnerabilities