Exploits Circulating for Windows Media Player BMP Heap Overflow Vulnerability

Date:
February 16, 2006

Severity:
High

Systems Affected:
Windows NT 4.0
Windows 98 / ME
Windows 2000 SP4
Windows XP SP1 / SP2
Windows 2003

Overview:
eEye Digital Security is alerting its users to the existence of two examples of exploit code that target a critical security vulnerability in Microsoft Windows® Media Player. These exploits pertain to the Media Player flaw discovered by eEye's Research Team, Windows Media Player BMP Heap Overflow, which was patched by Microsoft this past Tuesday. The Microsoft Security Bulletin about this vulnerability can be found here: http://www.microsoft.com/technet/security/bulletin/MS06-005.mspx.

These exploits, which took only one day to surface, mark a growing trend of attacks that target consumer-oriented applications rather than the operating system itself. It is becoming increasingly common to see focused and targeted attacks that do not require a virus or worm to be successful; instead, these attacks use social engineering to fool users into unknowingly having spyware or malware installed on their systems. In addition, attackers are circumventing network-level security technologies by using file-format vulnerabilities to exploit users.

The flaw is exploitable via an unchecked buffer in Windows Media Player, and both versions of the exploit are already in the wild and are actively being used maliciously. An attacker could exploit this flaw by having a specially crafted .asx file (ASX files are textual command files that manage streaming of ASF files) call a .bmp file to force Windows Media Player to run an embedded player within Internet Explorer. Once the .asx file calls the malicious .bmp file, the system is compromised.

The first and more harmful exploit could allow an attacker to take complete control of a compromised system and perform harmful actions remotely, including installing programs and viewing, changing or deleting data. The second exploit is a denial-of-service attack that causes Windows Media Player to crash.
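
Because the delivery path described above is an .asx file that calls a .bmp file, one triage step is to list bitmap references in ASX playlists found in mail or web gateway quarantine. The following is an added example, not eEye's or Microsoft's code; the function names and the sample playlist are constructed for illustration, and matching on the .bmp extension is an assumption that will miss bitmaps served under another name.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class AsxHrefCollector(HTMLParser):
    """Collect (element, href) pairs from ASX text.

    ASX is XML-like but case-insensitive and often not well-formed, so a
    tolerant HTML parser is used instead of a strict XML parser.
    """

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names for us.
        for name, value in attrs:
            if name == "href" and value:
                self.refs.append((tag, value.strip()))


def bmp_references(asx_text):
    """Return (element, href) pairs whose URL path ends in .bmp."""
    collector = AsxHrefCollector()
    collector.feed(asx_text)
    collector.close()
    # Compare on the path only, so query strings and fragments are ignored.
    return [(tag, href) for tag, href in collector.refs
            if urlsplit(href).path.lower().endswith(".bmp")]


# Constructed sample playlist; host names are placeholders.
SAMPLE_ASX = """<ASX VERSION="3.0">
  <TITLE>Constructed sample</TITLE>
  <ENTRY>
    <REF HREF="http://media.example.invalid/clip.asf"/>
  </ENTRY>
  <ENTRY>
    <Ref href="http://media.example.invalid/art/cover.BMP?id=7" />
  </ENTRY>
</ASX>"""

if __name__ == "__main__":
    for tag, href in bmp_references(SAMPLE_ASX):
        print(f"review: <{tag}> references bitmap {href}")
```

A hit is only a reason to inspect the playlist and the referenced file on a patched analysis host; it does not by itself indicate a malicious bitmap.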

Prevention:
eEye Digital Security's Research Team has confirmed that Blink® protects from the potential exploitation of this Windows Media Player flaw without requiring invasive firewalling. The result is 100% protection, with zero downtime or impact to operations. Current Blink customers are not required to do anything to realize the protection from this flaw. No updates or policy changes are required.

Users interested in protecting their systems with Blink can download an evaluation here.


This alert was last updated on February 16, 2006.