Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:STC:STREAM:ASF-BOF

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Microsoft Windows Media Format ASF Parsing Buffer Overflow

Release Date

 2011/07/13

Update Number

 1954

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Microsoft Windows Media Format ASF Parsing Buffer Overflow


This signature detects attempts to exploit a known buffer overflow vulnerability in Microsoft Windows Media Format library. It is caused due to a boundary error when processing Advanced Systems Format (ASF) files. A remote attacker can exploit this by enticing the target user to open crafted ASF file, which if successful, allows arbitrary code to be injected and executed in the security context of the currently logged in user.

Extended Description

Windows Media Player is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data. Attackers may attempt to exploit this issue by coercing users to visit a malicious website or to access malicious ASF files. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the user running the affected application. This facilitates the remote compromise of affected computers.

Affected Products

  • Avaya Agent Access
  • Avaya Basic Call Management System Reporting Desktop server
  • Avaya Basic Call Management System Reporting Desktop
  • Avaya CMS Supervisor
  • Avaya Computer Telephony
  • Avaya Contact Center Express
  • Avaya CVLAN
  • Avaya Enterprise Management
  • Avaya Integrated Management
  • Avaya Interaction Center
  • Avaya Interaction Center - Voice Quick Start
  • Avaya IP Agent
  • Avaya IP Softphone
  • Avaya Modular Messaging (MAS)
  • Avaya Network Reporting
  • Avaya OctelAccess(r) Server
  • Avaya OctelDesignerTM
  • Avaya Operational Analyst
  • Avaya Outbound Contact Management
  • Avaya S8100 Media Servers R10
  • Avaya S8100 Media Servers R11
  • Avaya S8100 Media Servers R12
  • Avaya S8100 Media Servers R6
  • Avaya S8100 Media Servers R7
  • Avaya S8100 Media Servers R8
  • Avaya S8100 Media Servers R9
  • Avaya S8100 Media Servers
  • Avaya Speech Access
  • Avaya Unified Communication Center
  • Avaya Unified Messenger (r)
  • Avaya Visual Messenger TM
  • Avaya Visual Vector Client
  • Avaya VPNmanagerTM Console
  • Avaya Web Messenger
  • HP Storage Management Appliance 2.1
  • Microsoft Windows Media Format 7.1
  • Microsoft Windows Media Format 9.5
  • Microsoft Windows Media Player 10.0
  • Microsoft Windows Media Player 6.4
  • Microsoft Windows Media Player 7.1
  • Microsoft Windows Media Player 8.0
  • Microsoft Windows Media Player 9.0

References

  • BugTraq: 21505
  • CVE: CVE-2006-4702

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out