Zero Day Exploit Found in Windows Media Player

filenavigator writes "Another zero day flaw has been reported in Windows Media player. It comes only one day after a serious zero day flaw was found in word. The flaw is dangerous because it involves IE and Outlook's ability to automatically launch .asx files. No fix from Microsoft has been announced yet."

Re:4 bytes IS ENOUGH

[EvanED]

It's a heap buffer (assuming TFA is right), which means the return address will be nowhere near it. There *could* still be neighboring security-sensitive code, but it's extremely unlikely. Worst case that's remotely likely would be that you corrupt the header that markes the beginning of the next heap block and wreak havoc with future malloc calls. Probably nothing controllable though. This *really* isn't that big of a deal, and calling it a zero-day exploit is downright libel.