|
Saturday, 17 October 2009 03:06 |
On Tuesday, Oct 13, Microsoft has released MS09-052 - Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112). This security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if a specially crafted ASF file is played using Windows Media Player 6.4. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Microsoft ratings for MS09-052: Maximum Severity Rating - Critical Impact of Vulnerability - Remote Code Execution Exploitability Index - 1 - Consistent exploit code likely. Bulletins replaced by this update: MS08-076. MS09-052 addresses the following CVE: WMP Heap Overflow Vulnerability - CVE-2009-2527 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2527 A remote code execution vulnerability exists in Windows Media Player 6.4. An attacker could exploit the vulnerability by constructing a specially crafted ASF file that could allow remote code execution when played using Windows Media Player 6.4. An attacker who successfully exploited this vulnerability could take complete control of an affected system. Before taking any action please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories For more information: Please contact your next level of support or visit http://www.nortel.com/contact for support numbers within your region. Nortel security advisories: http://nortel.com/securityadvisories Nortel Partner Information Center (PIC) website: http://www.nortelnetworks.com/pic
Source : http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=971049&poid=
|
