Vigil@nce: Windows Media, denial of service via WAV/SND/MID
January 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can create a malicious WAV/SND/MID file in order to
generate a denial of service when opened with Windows Media Player.
Gravity: 2/4
Consequences: user access/rights
Provenance: document
Means of attack: 1 proof of concept and 1 attack
Ability of attacker: technician (2/4)
Confidence: multiple sources (3/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 30/12/2008
Revision date: 30/12/2008
IMPACTED PRODUCTS
– Microsoft Internet Explorer
– Microsoft Windows - platform
DESCRIPTION OF THE VULNERABILITY
Windows Media Player plays audio files in the WAV, SND or MID
formats.
An attacker can create a malicious WAV, SND or MID file, in order
to truncate the result of a division. This error stops Windows
Media Player, but does not lead to code execution.
An attacker can therefore create a malicious file in order to
generate a denial of service on the victim’s computer when it is
opened with Windows Media Player.
CHARACTERISTICS
Identifiers: BID-33018, BID-33042, CVE-2008-5745,
VIGILANCE-VUL-8357