
Zero Day Exploit Found in Windows Media Player 177

filenavigator writes "Another zero day flaw has been reported in Windows Media Player. It comes only one day after a serious zero day flaw was found in Word. The flaw is dangerous because it involves IE and Outlook's ability to automatically launch .asx files. No fix from Microsoft has been announced yet."

  • by TJ_Phazerhacki ( 520002 ) on Thursday December 07, 2006 @11:36PM (#17157732) Journal
    Seems to be a bit like finding holes in Swiss cheese... inevitable....
  • by jfclavette ( 961511 ) on Thursday December 07, 2006 @11:42PM (#17157790)
    ..., it's a flaw. I'll be impressed if someone can do anything with a 4-byte heap overflow that happens at a single spot in the program they don't control. Under ideal circumstances, they'll be able to tamper with an integer in WMP.
  • by bunbuntheminilop ( 935594 ) on Thursday December 07, 2006 @11:47PM (#17157830)
    as people have commented, then why is it zero day? Doesn't zero day mean there is an exploit already?
  • zero-day exploit (Score:3, Insightful)

    by EvanED ( 569694 ) <{evaned} {at} {gmail.com}> on Thursday December 07, 2006 @11:47PM (#17157834)
    Since when did a "potentially exploitable heap buffer overflow" become a zero-day exploit?
  • by Anonymous Coward on Thursday December 07, 2006 @11:48PM (#17157840)
    It depends on what 2-4 bytes can be overwritten with this, obviously. It could be anywhere from completely harmless to critically bad, depending.
  • 4 bytes IS ENOUGH (Score:1, Insightful)

    by Anonymous Coward on Thursday December 07, 2006 @11:49PM (#17157856)
    For those people that don't understand security or how to exploit a buffer overflow, in many cases 1 byte can be enough: you rewrite a function return address with your own address. That does not mean this is definitely exploitable, but don't let the fact that it is only 4 bytes fool you.
  • GG Misleading Post (Score:5, Insightful)

    by PixieDust ( 971386 ) on Friday December 08, 2006 @12:17AM (#17158068)
    Ok, so this flaw is there. It's a bug.

    Doesn't affect my Vista machine. Nor my XP Pro machine running IE7 + WMP 11.

    Seeing things like this, I can't help but wonder what it might look like if every time a flaw was discovered in *Nix, and a security advisory (even if barely remotely applicable, as in this case) were released, and slashdotted. Maybe this post is flamebait too (seems to be my trend as of late), maybe not. But the title of this particular post is pretty misleading.

    0 day flaw! Congratulations. It's software. I still play games that if they run for more than 2 hours I'm lucky. The real problem is the testing, and the coding that goes into these. You fix one thing, and something else inevitably breaks.

    How often does a kernel update in Linux break something that you now have to update, or sometimes roll back altogether because it won't work?

    This post is as overdramatic as going nuts every single time something in Linux broke or didn't work right. Sometimes MS deserves to be thumped on the head. This time though, seriously, come on. Tell you what, run your 4 byte program that is gonna hax0r my computer. I invite it, might give me something to do.

  • by mpapet ( 761907 ) on Friday December 08, 2006 @12:52AM (#17158350) Homepage
    It's the one where Microsoft decided they will decide when and where and on what devices to allow you to play your media.

    Any bright minds out there that willingly use these things lost control of all of their personal media.
    http://www.microsoft.com/windows/windowsmedia/player/faq/drm.mspx [microsoft.com]

    http://www.theinquirer.net/default.aspx?article=34523 [theinquirer.net] is in plain engrish.

    I certainly hope you aren't running either Vista or WMP11.
  • by Anonymous Coward on Friday December 08, 2006 @03:33AM (#17159338)
    MS makes quick and dirty shortcuts, to get better performance, bypassing security in the process.

    Um, what quick and dirty shortcuts? MS uses the same protection model every other x86 OS I know of uses. Kernel runs in CPL 0, user processes in CPL 3. Drivers run mostly in CPL 0. In fact, with MS starting to try to push drivers to CPL 3, they're starting to get better than Linux AFAIK. (I think there are some userspace drivers for Linux, but very few. MS is trying to make that the standard for most types of drivers I think.)

    MS's bugs come from a combination of a few things. One is what seems to be a prevalence of buffer overruns. Second is running in administrator mode by default (note that this is an entirely different animal than what privilege level code executes in), and what seem to be an abnormally large number of other misc design errors.

    But the memory model is solid.

    With NX protection it should be impossible

    If you think NX protection makes buffer overrun attacks impossible... you're living in a dream world. I categorize the types of buffer overrun attacks I know into three types, and NX only solves one of them.
  • Slight difference (Score:5, Insightful)

    by ZxCv ( 6138 ) on Friday December 08, 2006 @04:01AM (#17159458) Homepage
    This flaw is not "barely remotely applicable".

    The vast majority of Windows users do not run Vista, IE7, or WMP11, even though all are technically available.

    So this particular flaw affects most Windows users, and is thus important to those that have to deal with these users and/or their computers.
  • by Anonymous Coward on Friday December 08, 2006 @05:09AM (#17159806)
    How surprising is this. MS have been sitting on this information for a long time and now it's the most profitable moment to announce them. "Yes, xp has these problems, just upgrade to vista and they'll go away."
  • Re:Another 0-day? (Score:3, Insightful)

    by h2g2bob ( 948006 ) on Friday December 08, 2006 @05:43AM (#17159946) Homepage
    Speaking of 0-day, what does 0-day mean, and why is it placed randomly in front of exciting new exploits?
  • by ConceptJunkie ( 24823 ) * on Friday December 08, 2006 @11:33AM (#17162540) Homepage Journal
    The problem is that for more than a decade Microsoft's priorities have been:

    1. Maintain their monopoly
    2. Fool the government into thinking they don't have a monopoly
    3. Enforce Microsoft lock-in to existing customers
    4. Spreading FUD about Linux and Open Software in general
    5. Band-aiding the constant stream of security flaws in their older products
    6. Inventing more and more byzantine and fragile DRM schemes that are still hacked before they are even released
    7. Making new software people actually want to use

    As you can see, making good software gets trumped by everything else. As far as I'm concerned, they could have stopped with Windows 2000 and stuck to releasing new hardware support, bug fixes and security patches, and we would all be a lot better off.

    Can you imagine how lean, mean, secure and smooth a "Windows 2000 Service Pack 11" would have been in 2006?

    It would be everything Microsoft spent 5 years failing to deliver with Vista.
