Chase Mortgage Group

US-CERT Alerts: Public Exploit Code for Buffer Overflow Vulnerability in Microsoft Windows Media Player Plug-in for Non-IE Browsers

Public Exploit Code for Buffer Overflow Vulnerability in Microsoft Windows Media Player

February 17, 2006 -- US-CERT is aware of publicly available exploit code for a buffer overflow vulnerability in Windows Media Player plug-in for browsers other than Internet Explorer (IE).
The buffer overflow may be triggered if a user accesses a specially crafted HTML document. Successful exploitation may allow a remote attacker to execute arbitrary code with the privileges of the user.

Consolidate Student Loans More information can be found in the following US-CERT Vulnerability Note:

microsoft.exe is a process which is registered as GAOBOT Virus. It takes advantage of the Windows LSASS vulnerability, which creates a buffer overflow and instigates your computer to shut down. //www.microsoft. 011.mspx.

Home Equity Loans * VU#692060 - Microsoft Windows Media Player plug-in buffer overflow

Not very long ago we posted about fixed vulnerabilities in QuickTime. Now another vulnerability has been discovered, Type header. RTSP is a protocol used to stream media. Unfortunately there's public exploit code available and no patch yet from Apple.

Quicktime Vulnerability>

Home Equity Loan Rates US-CERT urges users and administrators to implement the following recommendations:

Due to the lack of critical vulnerabilities in Microsoft Windows system services, Microsoft Office and Internet Explorer. Word, Excel and PowerPoint all fell victim to blackhats. In the course of the year the number of vulnerabilities amounted to over two dozen, and all of them were made public before Microsoft released a patch to fix the relevant vulnerability.

Homeowner Loans * Apply appropriate updates as instructed in the Microsoft Security Bulletin MS06-006.
* Review the workarounds listed in the Microsoft Security Bulletin MS06-006 to mitigate this vulnerability.

Public Exploit Code for Buffer Overflow Vulnerability in Microsoft Windows Media Player

February 16, 2006 -- US-CERT is aware of publicly available exploit code for a buffer overflow vulnerability in Windows Media Player. The vulnerability exists because Windows Media Player fails to properly validate bitmap image files. Exploitation may occur if a user takes any of the following actions:

Intel's Execute Disable Bit function can prevent certain classes of malicious "buffer overflow" attacks when combined with a supporting operating system. Execute Disable Bit allows the processor to classify areas in memory where application code can execute and where it cannot. When a malicious worm attempts to insert code in the buffer, the processor disables code execution, preventing damage or worm propagation.

Equity Loan Rates * Opens a specially crafted bitmap image file (.bmp) using Windows Media Player
* Opens a Windows Media Metafile, such as an ASX file, that references a bitmap image file (.bmp)
* Visits a specially crafted web page

In addition to working with Microsoft to certify Easy Media Creator, Sonic collaborated with the Windows Vista team to develop Roxio Central, one of the first applications that exploits the many benefits of Windows Presentation Foundation //www.roxio. default.html rich software experience. Sonic also provided its AuthorScript media engine, which enables CD and DVD burning functionality in Windows Vista.

Student Consolidation Loans Successful exploitation may allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user.

Second Mortgages More information can be found in the following US-CERT Vulnerability Note:

Federal Consolidation Loan * VU#291396 - Microsoft Windows Media Player vulnerable to buffer overflow in bitmap processing routine

Equity Loan US-CERT urges users and administrators to implement the following recommendations:

Refinancing With Bad Credit * Apply appropriate updates as instructed in the Microsoft Security Bulletin MS06-005.
* Review the workarounds listed in the Microsoft Security Bulletin MS06-005 to mitigate this vulnerability.

Home Equity Line Of Credit Source: US-CERT

[ Comment, Edit or Article Submission ]