Windows Media Player Could Allow Code Execution

June 14, 2006

A vulnerability exists in Windows Media Player (WMP) in the handling of PNG files. The flaw is located in WMP.DLL and gives a successful attacker the ability to execute arbitrary code in the context of the currently logged-on user.

Although the application is not a remote listening service, the impact can still be serious. Attackers may host malformed PNG files on web servers in such a way that they will be handled by Windows Media Player when unsuspecting users click on them, leading to exploitation. Successful exploitation of this vulnerability could be used to gain unauthorized access to networks and machines. In turn, this can lead to the exposure of confidential information, loss of productivity, and further network compromise.

A stack overflow vulnerability exists in a component of Windows Media Player (WMP) that a specially crafted PNG file could exploit. The vulnerability, which X-Force feels is trivial to exploit, is a result of unsafe handling of untrusted data. Although this vulnerability is not in a remotely listening service and is not wormable, a crafty attacker can create a scenario where an unsuspecting user will download a malicious file and use WMP to view it. This would be an effective vulnerability to use in a targeted attack against an individual or enterprise.
