According to a recent report by Security Tracker, several versions of Windows Media Player, including the latest version, 11, are affected by a security bug that could be exploited remotely via a specially crafted SND, MIDI or WAV file to trigger an integer overflow. The flaw was first spotted by security researcher Laurent Gaffie, who posted the report along with proof-of-concept code that would supposedly allow remote code execution on vulnerable systems.
But while Microsoft officials conceded the flaw could trigger a crash, they found no possibility of arbitrary code execution. Moreover, the company criticized Gaffie for publishing his claims to a public mailing list without first contacting the software giant to clear up confusion about the vulnerability. According to Microsoft, the flaw is a “reliability issue with no security risk to customers” that had already been identified during routine code maintenance and addressed in Windows Server 2003 SP2.