Microsoft Windows MP3 Audio Codec Divide-by-Zero Denial Of Service

Microsoft Windows MP3 Audio Codec Divide-by-Zero Denial Of Service 

Rating: High

Affected OS: Windows XP (Service Pack 3, [++])

Description: A denial of service vulnerability is present in some versions of Microsoft Windows.

Recommendation: Currently we are unaware of a vendor-supplied patch or update.

Observation: A denial of service vulnerability is present in some versions of Microsoft Windows.

The flaw lies in a divide-by-zero error condition when processing specific MPEG Layer-3 data.  Exploitation can be achieved via a specially crafted AVI file. Upon exploitation, and attacker may gain the ability to remotely affect the availability of the vulnerable host.

Common Vulnerabilities & Exposures (CVE): NA

IAVA Reference Number: NA

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.