Microsoft denies the severity of a Media Player exploit

Status
Not open for further replies.

KSoD

The proof of concept for a Windows Media Player exploit does exist, and it has been shared. But it's not a vulnerability, Microsoft said, because it would need to trigger remote code execution...and this one doesn't.

Coder Laurent Jaffié recently posted to some "security" sites (at least one of which clearly deserves the prefix "in-") a Perl script that literally does nothing more than create a malformed .WAV file. If you play that WAV file in Windows Media Player, well, it evidently crashes. And Jaffié's description of the file in his comments actually does not claim to do more than that -- specifically, he calls it a "remote integrer [sic] overflow."

Somehow, the word was spread in recent days that Jaffié had discovered an overflow that triggers the possibility of remote code execution. Yet a check of the Perl script shows no such proof of any concept of exploitability -- literally, all it does is make a WAV file that crashes WMP.

Still, that didn't stop alarm bells from sounding anyway. British IT news site Heise Online tested Jaffié's code and confirmed that it did indeed crash WMP. But rather than take the test further, Heise then took the word of another Web site which claimed the crash was exploitable, prior to that site issuing a retraction yesterday. Heise has not corrected its version.

"Security Tracker say that the vulnerability can allow code to pass through the hole," reads the Heise story. "If this is true it won't be long before real exploits appear. This was demonstrated with the recent zero day vulnerability of Internet Explorer."

But the world at large was introduced to the issue yesterday when Microsoft squashed Heise's report like...well, like a bug, providing technical details to back itself up.

Source
 