TITLE:
Windows Media Player Hosted Media Content Handling Vulnerability

SECUNIA ADVISORY ID:
SA39380

VERIFY ADVISORY:
http://secunia.com/advisories/39380/

DESCRIPTION:
A vulnerability has been reported in Windows Media Player, which can
be exploited by malicious people to compromise a user's system.

The vulnerability is caused by a use-after-free error in the Windows
Media Player ActiveX control when retrieving a codec for an unknown
fourCC compression code. This can be exploited by tricking a user
into accessing a web page hosting media content where the control is
removed from the page while the codec is requested from Microsoft.

Successful exploitation allows execution of arbitrary code.

SOLUTION:
Apply patches.

Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?familyid=C0B8B362-A321-4AC9-BE98-15C71BB7A043

Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=5C748C6D-84D1-45A9-8A33-9372EB5504D5

Windows XP SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=9E4277B4-2DC5-4163-A6AA-7E07DD32B721

PROVIDED AND/OR DISCOVERED BY:
An anonymous person via ZDI.

CHANGELOG:
2010-04-14: Added additional information provided by ZDI.

ORIGINAL ADVISORY:
MS10-027 (KB979402):
http://www.microsoft.com/technet/security/bulletin/MS10-027.mspx

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-10-070/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
private users keep their systems up to date against the latest
vulnerabilities.