TITLE:
Microsoft Windows Media Runtime Code Execution Vulnerability

SECUNIA ADVISORY ID:
SA36938

VERIFY ADVISORY:
http://secunia.com/advisories/36938/

DESCRIPTION:
Two vulnerabilities have been reported in Microsoft Windows, which
can be exploited by malicious people to compromise a vulnerable
system.

1) An unspecified error in Windows Media Runtime within the
processing of Advanced Systems Format (ASF) files can be exploited to
execute arbitrary code e.g. when a user opens a specially crafted
audio file.

2) A vulnerability is caused due to Microsoft Windows Media Runtime
not properly initialising certain functions when processing
compressed audio files. This can be exploited to corrupt memory when
a user opens a specially crafted media file or receives specially
crafted streaming content from a web site.

Successful exploitation allows execution of arbitrary code.

SOLUTION:
Apply patches.

Microsoft Windows 2000 SP4 with DirectShow WMA Voice Codec:
http://www.microsoft.com/downloads/details.aspx?familyid=4fe0dff5-04d9-4409-8d1d-52419537126b

Microsoft Windows 2000 SP4 with Windows Media Audio Voice Decoder:
http://www.microsoft.com/downloads/details.aspx?familyid=8f850a82-61f9-447b-a0aa-a2c192cc5d2e

Microsoft Windows 2000 SP4 with Audio Compression Manager:
http://www.microsoft.com/downloads/details.aspx?familyid=6dfd5405-cabe-4bd7-9330-b6bde1d99194

Windows XP SP2 / SP3 with DirectShow WMA Voice Codec:
http://www.microsoft.com/downloads/details.aspx?familyid=4fe0dff5-04d9-4409-8d1d-52419537126b

Windows XP SP2 with Windows Media Audio Voice Decoder:
http://www.microsoft.com/downloads/details.aspx?familyid=4516c219-e357-485e-a52b-23dcb8ee49d8

Windows XP SP2 / SP3 with Audio Compression Manager:
http://www.microsoft.com/downloads/details.aspx?familyid=6ecc7129-8caa-4daf-a8e2-8f3536225fb3

Windows XP Service Pack 3 with Windows Media Audio Voice Decoder:
http://www.microsoft.com/downloads/details.aspx?familyid=746d3440-5a6a-421e-9286-7b534a1dfe54

Windows XP Professional x64 Edition SP2 with DirectShow WMA Voice Codec:
http://www.microsoft.com/downloads/details.aspx?familyid=c116ae9d-e416-4b7d-be75-4b4b2ebcc33a

Windows XP Professional x64 Edition SP2 with Windows Media Audio Voice Decoder:
http://www.microsoft.com/downloads/details.aspx?familyid=4729de51-8fd8-46c6-b4ad-9c9f25202684

Windows XP Professional x64 Edition SP2 with Windows Media Audio Voice Decoder in Windows Media Format SDK 9.5 x64 Edition:
http://www.microsoft.com/downloads/details.aspx?familyid=fe0d51b2-345e-4eb7-a036-d8c3f6a683d2

Windows XP Professional x64 Edition SP2 with Windows Media Audio Voice Decoder in Windows Media Format SDK 11:
http://www.microsoft.com/downloads/details.aspx?familyid=a866a490-6d3a-4ecd-acf4-770312ba2fd6

Windows XP Professional x64 Edition SP2 with Audio Compression Manager:
http://www.microsoft.com/downloads/details.aspx?familyid=46daf7c7-1cd3-4f47-9c7a-d5eb6ea7327b

Windows Server 2003 SP 2 with DirectShow WMA Voice Codec:
http://www.microsoft.com/downloads/details.aspx?familyid=4fe0dff5-04d9-4409-8d1d-52419537126b

Windows Server 2003 SP 2 with Windows Media Audio Voice Decoder:
http://www.microsoft.com/downloads/details.aspx?familyid=00b3cb86-c9eb-4fbe-987e-2b0d94271d87

Windows Server 2003 SP 2 with Audio Compression Manager:
http://www.microsoft.com/downloads/details.aspx?familyid=ab1803ff-2371-487f-a7b6-95747c46ba4e

Windows Server 2003 x64 Edition SP2 with DirectShow WMA Voice Codec:
http://www.microsoft.com/downloads/details.aspx?familyid=c116ae9d-e416-4b7d-be75-4b4b2ebcc33a

Windows Server 2003 x64 Edition SP2 with Windows Media Audio Voice Decoder:
http://www.microsoft.com/downloads/details.aspx?familyid=13ba4839-7fa9-4bbb-95f6-3fafb6c49f20

Windows Server 2003 x64 Edition SP2 with Windows Media Audio Voice Decoder in Windows Media Format SDK 9.5 x64 Edition:
http://www.microsoft.com/downloads/details.aspx?familyid=fe0d51b2-345e-4eb7-a036-d8c3f6a683d2

Windows Server 2003 x64 Edition SP2 with Audio Compression Manager:
http://www.microsoft.com/downloads/details.aspx?familyid=46daf7c7-1cd3-4f47-9c7a-d5eb6ea7327b

Windows Vista, Windows Vista SP1 / SP2 with Windows Media Audio Voice Decoder:
http://www.microsoft.com/downloads/details.aspx?familyid=f17ee0ea-f1e2-49f4-9f90-60296246ddfe

Windows Vista x64 Edition, Windows Vista x64 Edition SP1 / SP2 with Windows Media Audio Voice Decoder:
http://www.microsoft.com/downloads/details.aspx?familyid=26905f12-92c7-4d45-99e7-227f03d2cb82

Windows Server 2008 for 32-bit Systems (optionally with SP2) with Windows Media Audio Voice Decoder:
http://www.microsoft.com/downloads/details.aspx?familyid=2eaa9857-a147-4f31-9bf4-b9e2cf4c15c3

Windows Server 2008 for x64-based Systems (optionally with SP2) with Windows Media Audio Voice Decoder:
http://www.microsoft.com/downloads/details.aspx?familyid=70aabba3-53d6-4b52-be83-6d3f3869ecbd

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Ivan Fratric of the Zero Day Initiative and Jun
Xie of McAfee Avert Labs.
2) The vendor credits Vinay Anantharaman of Adobe Systems, Inc.

ORIGINAL ADVISORY:
MS09-051 (KB975682, KB969878, KB954155, KB975025):
http://www.microsoft.com/technet/security/bulletin/MS09-051.mspx

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------