|
|
Window Media Player 处理.NSC文件存在问题
发布时间:2001-11-21
更新时间:2001-11-21
严重程度:高
威胁程度:普通用户访问权限
错误类型:设计错误
利用方式:客户机模式
受影响系统Microsoft Windows Media Player 7
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 2000
- Microsoft Windows 2000 SP1
- Microsoft Windows 2000 SP2
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
- Microsoft Windows NT 4.0SP2
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a
Microsoft Windows Media Player 6.4
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 2000
- Microsoft Windows 2000 SP1
- Microsoft Windows 2000 SP2
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
- Microsoft Windows NT 4.0SP2
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a
Microsoft Windows Media Player 7.1
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows 2000
- Microsoft Windows 2000 SP1
- Microsoft Windows 2000 SP2
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
- Microsoft Windows NT 4.0SP2
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a
- Microsoft Windows NT 4.0SP7 详细描述
Window Media Player 在处理.NSC文件时候代码段对缓冲没有好的进行边界检查,
可以导致远程攻击者在目标系统中执行任意命令。
如果特殊构建的.NSC文件被用户访问,根据文件内容的不同,攻击者可以启动
拒绝服务或者任意代码执行。
测试代码
尚无
解决方案
下载补丁程序:
Microsoft Windows Media Player 7:
Microsoft Patch wm308567
http://download.microsoft.com/download/winmediaplayer/Update/308567/WIN98MeXP/EN-US/wm308567.exe
Microsoft Windows Media Player 6.4:
Microsoft Patch wm308567
http://download.microsoft.com/download/winmediaplayer/Update/308567/WIN98MeXP/EN-US/wm308567.exe
Microsoft Windows Media Player 7.1:
Microsoft Patch wm308567
http://download.microsoft.com/download/winmediaplayer/Update/308567/WIN98MeXP/EN-US/wm308567.exe
相关信息
Pauli Ojanpera <pauli_ojanpera@hotmail.com>
参考:
http://www.securityfocus.com/archive/1/187001
http://www.microsoft.com/technet/security/bulletin/MS01-042.asp
|
