Microsoft disagree on windows media vulnerability
Microsoft Corporation is not agree with the researcher claim of windows media vulnerability. The flaw does not posess any security risk as it is a reliabilty issue.
According to researcher Laurent Gaffi, the vulnerability could be used by hackers armed with malformed .wav, .snd, or .mid audio files to attack on windows xp and vista.
Several editions of Windows Media Player, including Versions 9, 10 and the newest, 11, are vulnerable, Gaffi reported in his disclosure on Dec. 24 to the Bugtraq security mailing list. Gaffi also included proof-of-concept attack code that he said would allow remote code execution.
Microsoft claimed that this bug cannot be leveraged for arbitrary code execution. Ness and Serna said company researchers had found the bug earlier, and fixed it in at least one version of its server software.
Microsoft aim at fixing this bug in future releases of windows media. This particular bug, for example, has already been fixed in Windows Server 2003 Service Pack 2,” Ness and Serna said.