Windows Media player has a unchecked buffer that will allow for remote code execution if users view or open a specially crafted .bmp file. Keep in mind there are many ways for this to be exploited and .bmp files are not the only way. Microsoft states: “An attacker could also attempt to exploit this vulnerability by embedding a specially crafted Windows Media Player (.wmp) image within another file, such as a Word document and convince a user to open this document.”
Affected Software:
∙ Windows Media Player for XP on Microsoft Windows XP Service Pack 1
∙ Windows Media Player 9 on Microsoft Windows XP Service Pack 2
∙ Windows Media Player 9 on Microsoft Windows Server 2003
∙ Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
Affected Components:
∙ Microsoft Windows Media Player 7.1 when installed on Windows 2000 Service Pack 4
∙ Microsoft Windows Media Player 9 when installed on Windows 2000 Service Pack 4 or Windows XP Service Pack 1
∙ Microsoft Windows Media Player 10 when installed on Windows XP Service Pack 1 or Windows XP Service Pack 2
Download patches now.
