SecurityFocus’s Bugtraq site highlighted a vulnerability that effects windows users via Microsoft Media Player on Dec 24. The security company said that a remote code execution existed for media players ranging from version 9-11 for both XP and Vista based PC’s.
But Microsoft denies the reports and said that the results are false, although Microsoft did approve that the application crashes instead of effecting the rest of the system.
We’ve found no possibility for code execution in this issue, according to a Microsoft Security Response Center blog entry.If he had, we would’ve done the exact same investigation we just completed.When we were done, we would have let them know what we found, asked him if he thinks we might have missed something, continued the investigation if there was more information and ultimately closed the case if we didn’t find a vulnerability. This is how we handle all of the cases we investigate with responsible researchers every year.
