Public Proof of Concept Code for ASX File Format Isssue

Hey everyone this is Alexandra Huft


I wanted to let you know that we’re aware of proof-of-concept code published publicly affecting Windows Media ASX file format. We are currently investigating this report. We are not currently aware of attempts to exploit this vulnerability.


The ASX file format is an XML-based media file format which is processed by Windows Media Player.  An attacker could construct a malformed ASX file and use it to cause Media Player to overrun a heap-allocated buffer, potentially leading to remote code execution. 


We are also investigating other attack vectors to reach the same vulnerable code.

As part of our investigation, we are working with our MSRA partners to monitor and secure the ecosystem.



*This posting is provided “AS IS” with no warranties, and confers no rights.*