Microsoft this week warned Windows Media Player users that a flaw in the program is susceptible to proof-of-concept malicious code.
Redmond is investigating reports of PoC code using Windows Media ASX files, although the company is not aware of any attacks.
A malicious user could employ a corrupted file to cause Media Player to overrun a heap-allocated bugger, potentially leading to remote code execution, according to a post on the Microsoft Security Response Center blog by researcher Alexandra Huft.
An attacker could use the flaw to cause a DoS attack or compromise a user's system, according to a Secunia report.
The flaw is caused by a boundary error when handling "REF HREF" tags in ASX playlists. It has been reported in version 10.00.00.4036.
The software giant did not say it would release a Patch Tuesday fix for a recently discovered flaw in Microsoft Word, despite active attacks against the vulnerability in the wild.Click here to email Frank Washkuch Jr.