Intrusion Prevention

MS.Windows.Media.Player.SAMI.Code.Execution

Description

This indicates an attempt to exploit a remote code-execution vulnerability in Microsoft Windows Media Player.
The vulnerability is due to the way Windows Media Player handles supported file formats. This vulnerability is caused by a buffer overflow in QUARTZ.DLL when it tries to parse SAMI files containing long caption class names.

Affected Products

Windows 2000 SP4
Windows XP SP2 and Windows XP SP3
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition SP2
Windows Server 2003 SP1 and Windows Server 2003 SP2
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition SP2
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista and Windows Vista SP1
Windows Vista x64 Edition and Windows Vista x64 Edition SP1
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for x64-based Systems
Windows Server 2008 for Itanium-based Systems

Impact

System Compromise
Denial of Service

CVE References

CVE-2008-1444