Two vulnerabilities have been reported in Microsoft Windows Media Player which could be exploited by an attacker to take complete control of the system.
ASX Advanced Stream Redirector format is a type of XML metafile designed to store a list of Windows Media files to play during a multimedia presentation.
The vulnerability is caused due to heap overflow error while handling REF HREF URLs within ASX files by Windows Media Playback/Authoring library WMVCORE.DLL . For details refer to civn-2006-126.htm
The Microsoft Windows Media Format Runtime provides information and tools for applications which uses Windows Media content. ASF Advanced Systems Format is a file format that stores audio and video information and is specially designed to run over networks like the Internet.
The vulnerability caused due to buffer overflow error in ASF files while handled by Windows Media Format Runtime.
The attacker could exploit these vulnerabilities by creating and hosting specially crafted malicious web pages and persuading users to visit the website typically by getting them click on a link. Successful exploitation allows an attacker to execute arbitrary code under the privileges of user of the affected system and gives complete control of the system if user has logged in with administrative privileges.
The information provided herein is on "as is" basis, without warranty of any kind.