Microsoft downplays Windows Media Player bug

By on December 30, 2008, 11:10 AM
According to a recent report by Security Tracker, several versions of Windows Media Player, including the latest version, 11, are affected by a security bug that could be exploited remotely via a specially crafted SND, MIDI or WAV file to trigger an integer overflow. The flaw was first spotted by security researcher Laurent Gaffie, who posted the report along with proof of concept code that would supposedly allow remote code execution on vulnerable systems.

But while Microsoft officials conceded the flaw could trigger a crash, they found no possibility of arbitrary code execution. Moreover, the company criticized Gaffie for publishing his claims to a public mailing list without first contacting the software giant to clear up confusion about the vulnerability. According to Microsoft, the flaw is a “reliability issue with no security risk to customers” which had already been identified during routine code maintenance and addressed in Windows Server 2003 SP2.




User Comments: 1

Got something to say? Post a comment
MichaelLS said:
Sigh - Install iTunes people! Use QuickTime!This is getting terribly old Micro$oft.
Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.