Workaround for Windows Media Player Sampling Rate Vulnerability (MS08-054)
| Check Point Reference: | SBP-2008-10 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Microsoft Security Bulletin MS08-054 | |
| Industry Reference(s): | CVE-2008-2253 | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Windows XP SP2 Windows XP SP3 Windows XP Professional x64 Edition Windows XP Professional x64 Edition SP2 Windows Vista Windows Vista SP1 Windows Vista x64 Edition Windows Vista x64 Edition SP1 Windows Server 2008 for 32-bit Systems Windows Server 2008 for x64-based Systems | ||
| Vulnerability Description A remote code execution vulnerability was reported in Windows Media Player 11 which is an application for Windows that supports numerous video, audio, and image formats. A remote attacker could exploit this issue via a specially crafted server-side playlist (.wsx) file. A server-side playlist (SSPL) is a list that identifies what content is played for a client, the time at which it is played, and the order in which it is played. WSX is a document used as SSPL by Windows Media server. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. |
||
|
Update/Patch Available Apply patches: Microsoft Security Bulletin MS08-054 |
|
|
Vulnerability Details The vulnerability is due to a buffer overflow condition in Windows Media Player 11 that fails to properly handle audio-only files streamed from a Windows Media Server with different sampling rates in a server-side playlist (SSPL). A remote attacker could trigger this flaw by convincing a victim to open a specially crafted WSX file. Successful exploitation of this issue may allow the attacker to take complete control of the affected system. |
Protection Overview
By enabling this protection, SmartDefense will detect and block the transferring of WSX files over HTTP.
Since the protection offered in this advisory may degrade performance and block access to legitimate files, users are advised to use this protection as a workaround till all systems are patched.
In order for the protection to be activated, update your VPN-1 product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.