1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP ASF StreamProperty BO

HTTP ASF StreamProperty BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a vulnerability in Windows Media Format Runtime which could allow remote code execution.

Additional Information

Windows Media Format Runtime is a library for Microsoft Windows operating systems. It handles audio and video files for applications such as Microsoft Media Player.

The library is prone to a remote code-execution vulnerability because it fails to properly handle malformed ASF (Advanced Systems Format) files.

Specifically, the vulnerable code resides in the 'wmasf.dll' library. This library fails to properly parse specially crafted ASF files that can allow remote code to run. An attacker could exploit this issue by tricking an unsuspecting victim into visiting a webpage with malicious ASF content.

ASF files may have the following file extensions:

ASF
WMV
WMA

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

Affected

  • Avaya Messaging Application Server MM 1.1, MM 2.0, MM 3.0, MM 3.1
  • HP Storage Management Appliance 2.1, I, II, III
  • Microsoft Windows Media Format 7.1, 9.0, 9.5, 9.5 x64, 11.0
  • Microsoft Windows Media Services 9.1, 9.1 x64
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube