Overview
There is a buffer overflow in the parsing of Active Stream Redirector (.ASX) files. This buffer overflow may allow a remote attacker to execute arbitrary code when a user views a malicious web page.
Description
There is a buffer overflow in the processing of Active Stream Redirector (.ASX) files in Windows Media Player version 6.4 and 7. An Active Stream Redirector is a file type used by Windows Media Player to determine where a media stream can be found on the Internet, and how to play it. A newer variant of this vulnerability is described in VU#187528 and MS01-029. |
Impact
An attacker may be able to execute arbitrary code on vulnerable systems when the user visits a web page. |
Solution
Apply a Patch |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Thanks to Ollie Whitehouse of @Stake for discovering this vulnerability.
This document was written by Cory F. Cohen.
Other Information
| CVE IDs: | CVE-2000-1113 |
| Severity Metric: | 4.43 |
| Date Public: | 2000-11-22 |
| Date First Published: | 2002-09-27 |
| Date Last Updated: | 2002-09-27 17:47 UTC |
| Document Revision: | 16 |