发布时间 :2001-12-06 00:00:00
修订时间 :2017-10-09 21:29:51

[原文]Buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via a malformed Advanced Streaming Format (ASF) file.

[CNNVD]Microsoft Windows Media Player .AS标记缓冲区溢出漏洞(CNNVD-200112-051)

        Microsoft Windows Media Player 6.4存在缓冲区溢出漏洞。远程攻击者可以借助一个畸形Advanced Streaming Format (ASF)文件执行任意代码。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:287Windows Media Player Buffer Overflow via ASF

- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BUGTRAQ  20010807 MS Windows Media Player ASF Marker Buffer Overflow
(UNKNOWN)  XF  mediaplayer-asf-marker-bo(6962)
(UNKNOWN)  BID  3156

- 漏洞信息

Microsoft Windows Media Player .AS标记缓冲区溢出漏洞
高危 缓冲区溢出
2001-12-06 00:00:00 2005-05-02 00:00:00
        Microsoft Windows Media Player 6.4存在缓冲区溢出漏洞。远程攻击者可以借助一个畸形Advanced Streaming Format (ASF)文件执行任意代码。

- 公告与补丁

        The version of Windows Media Player that ships with Windows XP does contain some vulnerable components, users are encouraged to download the Critical Update for Windows XP released October 25, 2001.
        Microsoft has released a patch which addresses this issue:
        Microsoft Windows Media Player XP
        Microsoft Windows Media Player 6.4
        Microsoft Windows Media Player 7.0
        Microsoft Windows Media Player 7.1

- 漏洞信息

Microsoft Windows Media Player Advanced Streaming Format Overflow
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Unknown

- 漏洞描述

A remote overflow exists in Microsoft Media Player. Media Player fails to handle an unusually long marker embedded in an .ASF file resulting in a buffer overflow. With a specially crafted request, an attacker can cause Media Player to crash or execute arbitrary code resulting in a loss of integrity or availability.

- 时间线

2001-08-07 Unknow
Unknow Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者