Microsoft KB Archive/280419

= Patch Available for &quot;.asx Buffer Overrun&quot; and &quot;.wms Script Execution&quot; Vulnerabilities =

Article ID: 280419

Article Last Modified on 6/6/2007

-

APPLIES TO


 * Microsoft Windows Media Player 6.4
 * Microsoft Windows Media Player 7.0

-



This article was previously published under Q280419



SYMPTOMS
Microsoft has released a patch that eliminates two security vulnerabilities in Windows Media Player. These vulnerabilities may enable a malicious user to cause a program to run on another user's computer.

The two vulnerabilities discussed in this article are unrelated to each other except that they both affect Windows Media Player. They are packaged in one downloadable file to make it easier for you to apply. The vulnerabilities include:
 * The &quot;.asx Buffer Overrun&quot; vulnerability. Windows Media Player supports Active Stream Redirector (.asx) files so that users can play streaming media that resides on intranet or Internet sites. However, the code that parses .asx files has an unchecked buffer that can allow a malicious user to run code on the computer of another user. The malicious user might either send an affected file to another user to run or preview, or the malicious user might host an affected file on a Web site and cause the file to run automatically when a user visits the site. The code can take any action on the computer that the legitimate user might take.
 * The &quot;.wms Script Execution&quot; vulnerability. Windows Media Player 7 introduced a skins feature that allows customization of how Windows Media Player looks. However, a custom skin (.wms) file can potentially include script, which can run if the user runs Windows Media Player and selects that skin. A malicious user can either send a customized skin that contains script to another user, or the malicious user can host a customized skin on a Web site and cause it to run automatically when a user visits the site. Because the code can be located on the user's local computer, the code can run ActiveX controls, including ActiveX controls that are not marked as safe for scripting. When this occurs, the code can take any action on the computer that can be accomplished by using an ActiveX control.



Windows Media Player 7
NOTE: An updated package was released on February 12, 2000.

The following file is available for download from the Microsoft Download Center:

Download Wmsu38041.exe now

NOTE: This update also corrects the problem discussed in the following Microsoft Knowledge Base article:

287045 Patch Available for Windows Media Player Skins File Download Vulnerability

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file. The English version of this fix should have the following file attributes or later:   Date        Time    Version     Size       File name ---  02/06/2001  12:44p  7.0.0.1959    827,664  Wmpcore.dll 02/06/2001 12:51p  7.0.0.1959    348,432  Wmplayer.exe 02/06/2001 12:51p  7.0.0.1959  1,134,864  Wmpui.dll

Windows Media Player 6.4
The following file is available for download from the Microsoft Download Center:

Download Wmsu33995.exe now

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on secure servers that prevent any unauthorized changes to the file.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.



Windows 95/Windows 98/Windows NT 4.0 Dxmasf.dll file

 * Windows 95/Windows 98/Windows NT 4.0 original version:

6.4.7.1112 shp 498,448 12-14-1999 Dxmasf.dll
 * Original release of Windows 95/Windows 98/Windows NT 4.0 patched version:

6.4.7.1112 shp 838,656 11-15-2000 Dxmasf.dll
 * Updated release of Windows 95/Windows 98/Windows NT 4.0 patched version:

6.4.7.1113 shp 525,008 12-06-2000 Dxmasf.dll

For more information about this problem, view the following Microsoft Security Bulletin Web site:

http://www.microsoft.com/technet/security/bulletin/MS00-090.mspx

For additional security-related information about Microsoft products, view the following Microsoft Security Web site:

http://www.microsoft.com/technet/security

Additional query words: hotfix broken wmp secbulletin

Keywords: kbbug kbfix kbgraphxlinkcritical kbqfe KB280419

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.