Patch for Windows Media Player 6.4 , 7 and 7.1 .nsc File Vulnerability (304404)


The information in this article applies to:

  • Microsoft Windows Media Player 6.4
  • Microsoft Windows Media Player 7
This article was previously published under Q304404
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

SYMPTOMS

Microsoft has made a patch available to eliminate a security vulnerability that exists in Windows Media Player versions 6.4, 7 and 7.1.

Windows Media Player provides support for audio and video streaming. You can configure streaming media channels by using Windows Media Station (.nsc) files. An unchecked buffer exists in the functionality that is used to process Windows Media Station files.

CAUSE

This problem results in a vulnerability because there is an unchecked buffer in a section of Windows Media Player that processes .nsc files. By including a particular type of malformed entry in an .nsc file, an attacker could cause code of his or her choice to run when you play the file.

RESOLUTION

To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack

To resolve this problem, download and install a patch for this problem from the following Microsoft Web site:

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=31459

NOTE: This patch can be installed on computers that are running Windows Media Player 6.4, and 7.1. Note that if you are running Windows Media Player 7, you should first upgrade to Windows Media Player version 7.1, and then install the patch.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 3.

MORE INFORMATION

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

If you want to verify that the patch has been installed successfully on your computer, confirm that the following registry key exists:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows Media Player\WMSU55362

For additional information about this vulnerability and what else this patch fixes, please see the following Microsoft Security Bulletin:

http://www.microsoft.com/technet/security/bulletin/ms01-042.asp

To download and install Windows Media Player 7.1, view the following Microsoft Web site:

http://www.microsoft.com/windows/windowsmedia/download/

Mitigating Factors

  • Customers that have applied the Microsoft Outlook E-mail Security Update for Outlook 2000 or that are running Outlook 2002 (which includes the security update functionality), are automatically protected against HTML e-mail message-based attempts to exploit this vulnerability.
  • For others not in the above categories, the attacker would have to entice the potential victim to visit a Web site that is under the attacker's control, or to open an HTML e-mail message that the attacker had sent.
  • The attacker would need to know the specific operating system that the user was running to tailor the attack code properly. If the attacker made an incorrect guess about the user's operating system, the attack would crash the user's Windows Media Player session, but not run code of the attacker's choice.
Modification Type:MajorLast Reviewed:9/11/2006
Keywords:kbAppCompatibility kbbug kbenv kbfix kbWin2000sp3fix KB304404
©2004 Microsoft Corporation. All rights reserved.