Slashdot Mirror

← Back to Stories (view on slashdot.org)

Zero Day Exploit Found in Windows Media Player

Posted by CowboyNeal on from the back-to-old-tricks dept.

filenavigator writes "Another zero day flaw has been reported in Windows Media player. It comes only one day after a serious zero day flaw was found in word. The flaw is dangerous because it involves IE and Outlook's ability to automatically launch .asx files. No fix from Microsoft has been announced yet."

3 of 177 comments (clear)

  1. Does Not Affect WMP 11 or Vista by ThinkFr33ly · · Score: 4, Informative

    FYI, this does not seem to affect Windows Media Player 11, which is available via Windows Update or the WMP site.

    It also does not affect Vista, both because Vista comes with WMP 11, and thanks to IE7 running in protected mode. This would likely cause the browser to crash, however.

  2. All it takes is a jump instruction. by Anonymous Coward · · Score: 5, Informative

    x86 processors have a local jump instruction that is 4 bytes long. If the exploiter is able to get his code loaded within range of that jump instruction, you're fucked. And really, getting code loaded like that is not a difficult thing to do.

    In fact, many x86 operating systems have used such a technique to dynamically patch kernel code. They insert a couple of nop operations after a function prologue. These operations normally do nothing, but can be replaced with a jump instruction at runtime. This allows for the instructions of the existing function to be replaced with ease.

  3. Re:How is this dangerous? by LO0G · · Score: 5, Informative

    It depends on your heap allocator. IIRC, on the Windows XP heap (without service packs) an application could be owned with just a 1 byte heap overflow (if the phase of the moon was right). On XP SP2's heap it's WAY harder to exploit overflows, because the heap was hardened against this kind of attack. On Vista, it's even harder, the heap was hardened well beyond what was done in XP SP2.

    I have no idea of how exploitable the various *nix or OSX heap implementations are - I'm sure that some are even more exploitable than XP's heap was (the original 4.2 BSD heap was very exploitable, IIRC), and I'm also sure that some of them are hardened as well as Vista's.

    But heap hardening just makes exploitation harder (this is true of ALL defense-in-depth techniques). Even if your platform has a hardened heap and NX protection and stack canaries and ASLR, it's still possible to successfully exploit a vulnerability - it's many many orders of magnitude harder than if those features weren't present, but it's still possible to attack the system.