Microsoft denies vulnerability in Media Player

CIOL Bureau
Updated On
New Update

BANGALORE, INDIA:Microsoft on Monday dismissed the reports that there was a critical vulnerability in Windows Media Player, that would allow for remote code execution.


A team of Security Vulnerability Research and Defense (SVRD) group in Microsoft said in a company blog post that the report by researcher Laurent Gaffie is "false” and the flaw is "reliability issue with no security risk to customers".

Gaffie had claimed on December 24 that a vulnerability existed in Windows Media Player 9, 10, and 11 and this would allow hackers to create a malformed WAV, SND, or MIDI file to compromise a PC running Windows Vista or Windows XP.

Criticizing Gaffie for publishing his claims without first contacting the software giant, Microsoft said: “After that report, other organizations picked the report up and claimed that the issue was a code execution vulnerability in Windows Media Player. Those claims are false. We've found no possibility for code execution in this issue.” The SVRD group said “this bug cannot be leveraged for arbitrary code execution".

The researchers said they had found the bug earlier, and fixed it in at least one version of its server software. "We do like to get these reliability issues fixed in a future service pack or a future version of the platform whenever possible. This particular bug, for example, has already been fixed in Windows Server 2003 Service Pack 2," they claimed.