Another serious zero-day hole in Windows Media Player 9 and 11!

Hi malware fighters,

Another serious zero-day hole in Windows Media Player 9 and 11 has been published on the web. Through a prepared WAV, SND or MIDI file an attacker can take over the OS. Tested on fully patched XP and Vista. POC exploit can be found here: http://www.securitytracker.com/alerts/2008/Dec/1021495.html
The malicious files can be embedded in a website. M$ has not come forward with a reaction to the publication, neither has Jeff Jones. For the moment I use VLC Media Player,

polonus

Thanks for the info Damien. :slight_smile:
This is another good reason to use an alternate program to play these files.
My choice for a long time has been jetAudio.

Hi bob3160,

Sometimes Microsoft is falsely accused, and that is the case here. The security researcher overplayed his hand, the hole is not that dangerous. It can crash the Media Player, yes it can, but you can then start the player again, and then it is only a nuisance:
http://blogs.technet.com/swi/archive/2008/12/29/windows-media-player-crash-not-exploitable-for-code-execution.aspx
Will be addressed in a new service pack, the fuzzers were already aware of this one,

polonus

;D Hi Polonus,

This will add to your explanation: http://msn-cnet.com.com/8301-1009_3-10129682-83.html?tag=newsEditorsPicksArea.0 :smiley: :wink: