Check Point Advisories

Update Protection against Microsoft Windows Media Player PNG Vulnerability (MS06-024)

Check Point Reference: CPAI-2006-079
Date Published: 5 Jul 2006
Severity: Critical
Last Updated: Tuesday 15 May, 2007
Source: Microsoft Security Bulletin MS06-024
Industry Reference: CVE-2006-0025
Protection Provided by:
Who is Vulnerable? Windows Media Player for XP on Microsoft Windows XP SP1
Windows Media Player 9 on Microsoft Windows XP SP2
Windows Media Player 10 on Microsoft Windows XP Professional x64 Edition 
Windows Media Player 9 on Microsoft Windows Server 2003
Windows Media Player 10 on Microsoft Windows Server 2003 SP1
Windows Media Player 10 on Microsoft Windows Server 2003 x64 Edition
Vulnerability Description: Windows Media Player is a feature of the Windows operating system for personal computers. It is used for playing audio and video. The Portable Network Graphics (PNG) specification is an image format used as an alternative to other image formats such as the GIF and TIFF formats. Windows Media Player does not correctly handle the processing of PNG images. An attacker could exploit this by constructing specially crafted Windows Media Player content that could potentially allow remote code execution if a user visits a malicious Web site or clicks on a specially crafted WMZ file in an email message.
The protection outlined in this advisory is an enhancement to the SmartDefense Malformed PNG protection published on June 22, 2005 in response to Microsoft Security Bulletin MS05-025.
Update/Patch Available: Apply patches:
Microsoft Security Bulletin MS06-024
Vulnerability Details: An error in the handling of PNG image file chunks by Windows Media Player could allow attackers to execute arbitrary code. Windows Media Player uses a fixed-size buffer in a function used when processing certain chunk types. No validation is performed on the length of the chunks. This may lead to a buffer overflow, triggered when WMP interprets a PNG file with an excessive chunk size.
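The missing length validation described above can be shown as a chunk walker that checks each declared chunk length before any data is touched. This is an added example, not Check Point's SmartDefense logic or Microsoft's code; the function name, result codes and the MAX_CHUNK_LEN cap are assumptions, the sample files are constructed, and chunk CRCs are not verified.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes (names are hypothetical, chosen for this example). */
enum { PNG_OK = 0, PNG_BAD_SIG = -1, PNG_TRUNCATED = -2,
       PNG_CHUNK_TOO_LONG = -3, PNG_NO_IEND = -4 };

/* Assumed policy cap on a single chunk; not a value from the advisory. */
#define MAX_CHUNK_LEN (8u * 1024u * 1024u)

static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Walk every chunk (4-byte big-endian length, 4-byte type, data, 4-byte CRC)
 * and reject a declared length above the cap or above the bytes remaining. */
int png_check_chunks(const unsigned char *buf, size_t len) {
    static const unsigned char sig[8] = {0x89,'P','N','G','\r','\n',0x1a,'\n'};
    size_t off = 8;
    if (len < 8 || memcmp(buf, sig, 8) != 0) return PNG_BAD_SIG;
    while (len - off >= 12) {              /* room for length + type + CRC */
        uint32_t clen = be32(buf + off);
        if (clen > MAX_CHUNK_LEN) return PNG_CHUNK_TOO_LONG;
        /* Compare by subtraction so a huge clen cannot wrap the offset. */
        if (clen > len - off - 12) return PNG_TRUNCATED;
        if (memcmp(buf + off + 4, "IEND", 4) == 0) return PNG_OK;
        off += 12 + (size_t)clen;
    }
    return PNG_NO_IEND;
}

/* Constructed sample: signature, a 2-byte tEXt chunk, then IEND. */
static const unsigned char sample_ok[] = {0x89,'P','N','G','\r','\n',0x1a,'\n',
    0,0,0,2,'t','E','X','t','a','b',0,0,0,0, 0,0,0,0,'I','E','N','D',0,0,0,0};
/* Constructed sample: same chunk, but its length field claims 0x7fffffff. */
static const unsigned char sample_bad[] = {0x89,'P','N','G','\r','\n',0x1a,'\n',
    0x7f,0xff,0xff,0xff,'t','E','X','t','a','b',0,0,0,0};

int main(void) {
    printf("ok sample:  %d\n", png_check_chunks(sample_ok, sizeof sample_ok));
    printf("bad sample: %d\n", png_check_chunks(sample_bad, sizeof sample_bad));
    return 0;
}
```

A handler that copies chunk data into a fixed-size buffer needs the same comparison against the buffer's size before the copy.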

Protection Overview
