Microsoft Windows Media Player MIDI File MThd Header Parsing DoS Vulnerability

SecPod ID: 10179 Microsoft Windows Media Player MIDI File MThd Header Parsing DoS Vulnerability	Status: Public Report Release Date: 11-11-2008 Severity: High CVSS Base Score: 7.1 (AV:N/AC:M/Au:NR/C:N/I:N/A:C) CVSS Temporal Score = 6.1
Affected Software/OS/Device: Microsoft Windows Media Player versions 11.x and prior	Impact Level: Application

SecPod Nessus Plugin ID: 900172	Snort ID:
Vulnerability Insight: Overview: Windows Media Player is prone to denial of service vulnerability. Description: The vulnerability is caused due to error in processing malformed "MIDI" or "DAT" file, related to "MThd Header Parsing. Impact : Successful exploitation will lead to denial of service. CVSS Score Report: ACCESS_VECTOR = NETWORK ACCESS_COMPLEXITY = MEDIUM AUTHENTICATION = NOT_REQUIRED CONFIDENTIALITY_IMPACT = NONE INTEGRITY_IMPACT = NONE AVAILABILITY_IMPACT = COMPLETE EXPLOITABILITY = UNPROVEN REMEDIATION_LEVEL = UNAVAILABLE REPORT_CONFIDENCE = CONFIRMED CVSS Base Score = 7.1 (AV:N/AC:M/Au:NR/C:N/I:N/A:C) CVSS Temporal Score = 6.1 Fix: No solution/patch is available as on 05th November, 2008. References: http://www.securityfocus.com/bid/32077 http://en.securitylab.ru/nvd/362438.php