Microsoft downplays Windows Media Player bug

From InfoWorld: Microsoft Tuesday dismissed reports of a critical vulnerability in its Windows Media Player , saying that the researcher who claims the bug could be exploited is wrong.

The flaw is a "reliability issue with no security risk to customers," Microsoft researchers said.

According to researcher Laurent Gaffi, the vulnerability could be used by hackers armed with malformed .wav, .snd, or .mid audio files to compromise a PC running Windows XP or Vista .

Several editions of Windows Media Player, including Versions 9, 10 and the newest, 11, are vulnerable, Gaffi reported in his disclosure on Dec. 24 to the Bugtraq security mailing list. Gaffi also included proof-of-concept attack code that he said would allow remote code execution.

Microsoft disputed Gaffi's findings, and took him to task for publishing information about the vulnerability before he reported it to company security researchers.

View: Article @ Source Site