DoctorDoom
02-14-2006, 09:05 PM
#1: this affects Media Player access from non-IE browsers. Highly critical.
A vulnerability has been reported in Windows Media Player plug-in, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within the handling of malformed EMBED elements and can be exploited to cause a buffer overflow via e.g. a malicious web site containing a specially crafted EMBED element.
Successful exploitation allows execution of arbitrary code.
NOTE: The vulnerability does not affect users of Internet Explorer.Windows Media Player Plug-in EMBED Element Processing Vulnerability (http://secunia.com/advisories/18852/)
<hr>
#2: For Media Players version 7.0 and higher. Highly critical.
A vulnerability has been reported in Windows Media Player, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within the processing of bitmap files (.bmp) and can be exploited to cause a buffer overflow via a specially crafted bitmap file.
Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious web site, opens a malicious bitmap file (Windows Media Player is not the default handler for bitmap files), or opens a file (e.g. Word document) containing a malicious Windows Media Player (.wmp) image.Windows Media Player Bitmap File Processing Vulnerability (http://secunia.com/advisories/18835/)
<hr>
#3: For Powerpoint 2000 only, not critical. Just FYI.
A vulnerability has been reported in Microsoft PowerPoint 2000, which can be exploited by malicious people to gain knowledge of sensitive information.
The vulnerability is caused due to an error within the interaction between PowerPoint and Internet Explorer when rendering HTML data. This can be exploited to access objects in the Temporary Internet Files Folder (TIFF) explicitly by name on a user's system.
Successful exploitation requires that a user e.g. is tricked into visiting a malicious web site. It is not directly possible to execute code on the system, but it may provide sensitive information that aids in further compromise of the vulnerable system.Microsoft PowerPoint Temporary Internet Files Information Disclosure (http://secunia.com/advisories/18865/)
<hr>
#4: Windows XP and Server 2003. Not critical. Requires local access to the computer. Another FYI item.
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.
The vulnerability is caused due to a boundary error in Web Client Service the handling of WebDAV messages.Microsoft Windows Web Client Service Vulnerability (http://secunia.com/advisories/18857/)
<hr>
#5: TCP/IP (Internet related) vulnerability. Not critical, but probably worth the time to patch it.
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to a validation error in the handling of IGMP traffic.
Successful exploitation may cause the affected system to stop responding.Microsoft Windows TCP/IP Denial of Service (http://secunia.com/advisories/18853/)
A vulnerability has been reported in Windows Media Player plug-in, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within the handling of malformed EMBED elements and can be exploited to cause a buffer overflow via e.g. a malicious web site containing a specially crafted EMBED element.
Successful exploitation allows execution of arbitrary code.
NOTE: The vulnerability does not affect users of Internet Explorer.Windows Media Player Plug-in EMBED Element Processing Vulnerability (http://secunia.com/advisories/18852/)
<hr>
#2: For Media Players version 7.0 and higher. Highly critical.
A vulnerability has been reported in Windows Media Player, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within the processing of bitmap files (.bmp) and can be exploited to cause a buffer overflow via a specially crafted bitmap file.
Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious web site, opens a malicious bitmap file (Windows Media Player is not the default handler for bitmap files), or opens a file (e.g. Word document) containing a malicious Windows Media Player (.wmp) image.Windows Media Player Bitmap File Processing Vulnerability (http://secunia.com/advisories/18835/)
<hr>
#3: For Powerpoint 2000 only, not critical. Just FYI.
A vulnerability has been reported in Microsoft PowerPoint 2000, which can be exploited by malicious people to gain knowledge of sensitive information.
The vulnerability is caused due to an error within the interaction between PowerPoint and Internet Explorer when rendering HTML data. This can be exploited to access objects in the Temporary Internet Files Folder (TIFF) explicitly by name on a user's system.
Successful exploitation requires that a user e.g. is tricked into visiting a malicious web site. It is not directly possible to execute code on the system, but it may provide sensitive information that aids in further compromise of the vulnerable system.Microsoft PowerPoint Temporary Internet Files Information Disclosure (http://secunia.com/advisories/18865/)
<hr>
#4: Windows XP and Server 2003. Not critical. Requires local access to the computer. Another FYI item.
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.
The vulnerability is caused due to a boundary error in Web Client Service the handling of WebDAV messages.Microsoft Windows Web Client Service Vulnerability (http://secunia.com/advisories/18857/)
<hr>
#5: TCP/IP (Internet related) vulnerability. Not critical, but probably worth the time to patch it.
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to a validation error in the handling of IGMP traffic.
Successful exploitation may cause the affected system to stop responding.Microsoft Windows TCP/IP Denial of Service (http://secunia.com/advisories/18853/)