TITLE:
Microsoft Windows Media Format Two Code Execution Vulnerabilities

SECUNIA ADVISORY ID:
SA36596

VERIFY ADVISORY:
http://secunia.com/advisories/36596/

DESCRIPTION:
Two vulnerabilities have been reported in Microsoft Windows Media
Format, which can be exploited by malicious people to compromise a
vulnerable system.

1) An error exists in the handling of ASF file headers and can be
exploited to trigger an invalid call to freed memory e.g. via a
specially crafted file or specially crafted streaming content from a
web site.

2) An error in the processing of MP3 meta-data can be exploited to
corrupt memory e.g. via a specially crafted MP3 file or specially
crafted streaming content from a web site.

Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.

SOLUTION:
Apply patches.

-- Windows Media Format Runtime --

Microsoft Windows 2000 Service Pack 4 with Windows Media Format
Runtime 9.0:
http://www.microsoft.com/downloads/details.aspx?familyid=02b9dc42-38c2-44b1-a77c-34854f4a86c4

Windows XP SP2 with Windows Media Format Runtime 9.0, Windows Media
Format Runtime 9.5, and Windows Media Format Runtime 11:
http://www.microsoft.com/downloads/details.aspx?familyid=6ffc081e-f892-4818-acb9-6d79e15d473c

Windows XP SP3 with Windows Media Format Runtime 9.0, Windows Media
Format Runtime 9.5, and Windows Media Format Runtime 11:
http://www.microsoft.com/downloads/details.aspx?familyid=31585f5a-9aaa-40da-b15a-11284b4b800c

Windows XP Professional x64 Edition SP2 with Windows Media Format
Runtime 9.5:
http://www.microsoft.com/downloads/details.aspx?familyid=3780d565-d027-4f54-8fc0-05f5c3c6ba1a

Windows XP Professional x64 Edition SP2 with Windows Media Format
Runtime 9.5 x64 Edition:
http://www.microsoft.com/downloads/details.aspx?familyid=ce515188-db3c-4694-85da-177c8f76b68c

Windows XP Professional x64 Edition SP2 with Windows Media Format
Runtime 11:
http://www.microsoft.com/downloads/details.aspx?familyid=9a465f92-3067-4a5a-9882-1fc2cf796c99

Windows Server 2003 SP2 with Windows Media Format Runtime 9.5:
http://www.microsoft.com/downloads/details.aspx?familyid=4ab34e3d-34cb-4e35-a2da-b348ace8a8f7

Windows Server 2003 x64 Edition SP2 with Windows Media Format Runtime
9.5:
http://www.microsoft.com/downloads/details.aspx?familyid=8654ee33-6083-447f-ae5b-43ef8d8b613d

Windows Server 2003 x64 Edition SP2 with Windows Media Format Runtime
9.5 x64 Edition:
http://www.microsoft.com/downloads/details.aspx?familyid=ce515188-db3c-4694-85da-177c8f76b68c

Windows Vista, Windows Vista SP1 and SP2 with Windows Media Format
Runtime 11 and Microsoft Media Foundation:
http://www.microsoft.com/downloads/details.aspx?familyid=d2bdefcc-f6b9-47c3-a55d-a4f33f967828

Windows Vista x64 Edition (optionally with SP1 and SP2) with Windows
Media Format Runtime 11 and Microsoft Media Foundation:
http://www.microsoft.com/downloads/details.aspx?familyid=97f00b25-fb8f-4300-80c0-c63179f32182

Windows Server 2008 for 32-bit Systems (optionally with SP2) with
Windows Media Format Runtime 11 and Microsoft Media Foundation:
http://www.microsoft.com/downloads/details.aspx?familyid=9c111bff-aff6-4ff7-81f6-e736cfcbe3ed

Windows Server 2008 for x64-based Systems (optionally with SP2) with
Windows Media Format Runtime 11 and Microsoft Media Foundation:
http://www.microsoft.com/downloads/details.aspx?familyid=59615c8b-a07f-4326-836d-f17b2fcc4695

-- Windows Media Services --

Windows Server 2003 SP2 with Windows Media Services 9.1:
http://www.microsoft.com/downloads/details.aspx?familyid=61cd0581-c36e-4da6-ae95-41609adbe922

Windows Server 2003 x64 Edition SP2 with Windows Media Services 9.1:
http://www.microsoft.com/downloads/details.aspx?familyid=67c46f26-e6df-4ba2-9c03-1590b31e454c

Windows Server 2008 for 32-bit Systems (optionally with SP2) with
Windows Media Services 2008:
http://www.microsoft.com/downloads/details.aspx?familyid=2801f69b-37d0-4d0f-9632-31382b824d36

Windows Server 2008 for x64-based Systems (optionally with SP2) with
Windows Media Services 2008:
http://www.microsoft.com/downloads/details.aspx?familyid=7fad3793-174f-46db-9d0a-873a0ea8be65

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Peter Winter-Smith, NGS Software.
2) The vendor credits Hiroshi Noguchi, Alice Carroll fan club.

ORIGINAL ADVISORY:
MS09-047 (KB973812, KB968816, KB972554):
http://www.microsoft.com/technet/security/Bulletin/MS09-047.mspx