Patch Available for ".asx Buffer Overrun" and ".wms Script Execution" Vulnerabilities

Article translations Article translations
Article ID: 280419 - View products that this article applies to.
This article was previously published under Q280419
This article has been archived. It is offered "as is" and will no longer be updated.
Expand all | Collapse all

On This Page

SYMPTOMS

Microsoft has released a patch that eliminates two security vulnerabilities in Windows Media Player. These vulnerabilities may enable a malicious user to cause a program to run on another user's computer.

The two vulnerabilities discussed in this article are unrelated to each other except that they both affect Windows Media Player. They are packaged in one downloadable file to make it easier for you to apply. The vulnerabilities include:
  • The ".asx Buffer Overrun" vulnerability. Windows Media Player supports Active Stream Redirector (.asx) files so that users can play streaming media that resides on intranet or Internet sites. However, the code that parses .asx files has an unchecked buffer that can allow a malicious user to run code on the computer of another user. The malicious user might either send an affected file to another user to run or preview, or the malicious user might host an affected file on a Web site and cause the file to run automatically when a user visits the site. The code can take any action on the computer that the legitimate user might take.
  • The ".wms Script Execution" vulnerability. Windows Media Player 7 introduced a skins feature that allows customization of how Windows Media Player looks. However, a custom skin (.wms) file can potentially include script, which can run if the user runs Windows Media Player and selects that skin. A malicious user can either send a customized skin that contains script to another user, or the malicious user can host a customized skin on a Web site and cause it to run automatically when a user visits the site. Because the code can be located on the user's local computer, the code can run ActiveX controls, including ActiveX controls that are not marked as safe for scripting. When this occurs, the code can take any action on the computer that can be accomplished by using an ActiveX control.

RESOLUTION

Windows Media Player 7

NOTE: An updated package was released on February 12, 2000.

The following file is available for download from the Microsoft Download Center:
Collapse this imageExpand this image
Download
Download Wmsu38041.exe now
NOTE: This update also corrects the problem discussed in the following Microsoft Knowledge Base article:
287045 Patch Available for Windows Media Player Skins File Download Vulnerability
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file. The English version of this fix should have the following file attributes or later:
   Date        Time    Version     Size       File name
   -------------------------------------------------------
   02/06/2001  12:44p  7.0.0.1959    827,664  Wmpcore.dll
   02/06/2001  12:51p  7.0.0.1959    348,432  Wmplayer.exe
   02/06/2001  12:51p  7.0.0.1959  1,134,864  Wmpui.dll
				

Windows Media Player 6.4

The following file is available for download from the Microsoft Download Center:
Collapse this imageExpand this image
Download
Download Wmsu33995.exe now
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on secure servers that prevent any unauthorized changes to the file.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

MORE INFORMATION

Windows 95/Windows 98/Windows NT 4.0 Dxmasf.dll file

  • Windows 95/Windows 98/Windows NT 4.0 original version:
    6.4.7.1112 shp 498,448 12-14-1999 Dxmasf.dll
  • Original release of Windows 95/Windows 98/Windows NT 4.0 patched version:
    6.4.7.1112 shp 838,656 11-15-2000 Dxmasf.dll
  • Updated release of Windows 95/Windows 98/Windows NT 4.0 patched version:
    6.4.7.1113 shp 525,008 12-06-2000 Dxmasf.dll
For more information about this problem, view the following Microsoft Security Bulletin Web site:
http://www.microsoft.com/technet/security/bulletin/MS00-090.mspx
For additional security-related information about Microsoft products, view the following Microsoft Security Web site:
http://www.microsoft.com/technet/security

Properties

Article ID: 280419 - Last Review: February 28, 2014 - Revision: 4.3
APPLIES TO
  • Microsoft Windows Media Player 6.4
  • Microsoft Windows Media Player 7.0
Keywords: 
kbnosurvey kbarchive kbbug kbfix kbgraphxlinkcritical kbqfe KB280419

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com