Zero day flaw found in Windows Media Player

Security researchers have uncovered a zero day flaw in Windows Media Player that attackers could exploit to cause a denial of service or launch malicious code on targeted machines. The vulnerability came to light a day after Microsoft confirmed another zero day flaw in Word that has suffered limited attacks.

According to an advisory from Aliso Viejo, Calif.-based eEye Digital Security, the problem is a buffer overflow error in the Windows Media Player library (WMVCORE.DLL) caused when .asx files with overly long "REF HREF" tags are processed. Zero-day flaw found in Windows Media Player

Linked by shanmuga Friday, 8th December 2006 11:24PM