Microsoft denies Windows Media Player flaw
Published: 30 Dec 2008 08:11 GMT
Microsoft on Monday denounced reports that a vulnerability exists in Windows Media Player that could pose a security risk for users.
Microsoft said in a company blog post that it had investigated reports that surfaced on the internet last week and found them to be "false". The flaw is a "reliability issue with no security risk to customers", the company said on its Security Vulnerability Research & Defense blog.
The investigation followed claims published on Wednesday on the Bugtraq security mailing list by researcher Laurent Gaffie that a vulnerability existed in Windows Media Player 9, 10 and 11. Gaffie said the vulnerability would allow a hacker to create a malformed WAV, SND or Midi file to create a denial of service, and included a proof-of-concept code.
Along with the denial, Microsoft criticised Gaffie for publishing his claims without first contacting the company.
"The security researcher making the initial report didn't contact us or work with us directly but instead posted the report along with proof-of-concept code to a public mailing list," said Microsoft.
"After that report, other organisations picked the report up and claimed that the issue was a code-execution vulnerability in Windows Media Player. Those claims are false. We've found no possibility for code execution in this issue. Yes, the proof-of-concept code does trigger a crash of Windows Media Player, but the application can be restarted right away and doesn't affect the rest of the system," Microsoft said.
The company said that the flaw had already been identified during routine code maintenance and corrected in Windows Server 2003 Service Pack 2.
Credit: Microsoft denies vulnerability in Windows Media Player from CNET News
Did you find this article useful?
12 out of 12 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
