It is Microsoft’s patch day and guess what? eEye Digital
Security found a new vulnerability in Windows Media Player.
“The vulnerability exists due to an unchecked
buffer in Windows Media Player that allows a malicious bitmap file
(BMP) to be used to execute commands on a remote system, in the
context of a logged-in user. This flaw affects Media Player
versions 7.1 through 10 that run on the following Windows operating
systems: Windows NT, Windows 2000 SP4, Windows XP SP1 and 2, and
Windows 2003.”
Visit eEye Didigital Security for other details. A brief
write up can also be found in the Inquirer’s page, click here for the report.
Microsoft’s MS06-005: Vulnerability in Windows Media Player
Could Allow Remote Code Execution (911565) should address this
as it concerns BMP files. Users are advised to patch their
computers as soon as possible to avoid targeted attacks which
exploit the vulnerabilities addressed in today’s update.