Thursday, December 07, 2006

Public Proof of Concept Code for ASX File Format Issue

The Microsoft Security Research Center has reported that they are aware of the Public Proof of Concept Code for ASX File Format Iss[s]ue. The MS Security Group reports they are currently investigating this report and are not currently aware of attempts to exploit this vulnerability.

"The ASX file format is an XML-based media file format which is processed by Windows Media Player. An attacker could construct a malformed ASX file and use it to cause Media Player to overrun a heap-allocated buffer, potentially leading to remote code execution.

We are also investigating other attack vectors to reach the same vulnerable code.

As part of our investigation, we are working with our MSRA partners to monitor and secure the ecosystem."

No comments: