Microsoft confirms a new bug in WMP

Microsoft has confirmed a new buffer overflow security error discovered in Windows Media Player.

This security bug was discovered by eEye Digital Security and announced to Microsoft two weeks ago and warned there could be an outbreak of new exploit code for WMP.

Fortunately, there are still no exploits available on the Internet.

eEye said the new security bug in WMP originated from the function of processing ASX playlists in XML format. This error can be exploited to trick WMP into allocating a large amount of caching for handling a long ASX file name path string and causing a buffer overflow error.

This is a necessary condition to help an exploit code to work and help hackers gain control or execute binary code on a system that has errors.

In fact, the buffer overflow error in the ASX file handling function was detected in WMP from version 6.4. However, so far this error has not been disclosed to the outside.

The Microsoft Security Response Center said it has also investigated the possibility of generating code-exploiting methods. However, the research results have not yet been published.

And eEye still insists that this error can be exploited by malicious code. Security firm Secunia is also pleased with this view and puts new bugs in Windows Media Player at "extremely dangerous" level.

Hoang Dung