Windows Media Player Has No Flaws Says Microsoft

Microsoft Corp. has denied reports that a security hole in its Windows Media Player application could be exploited to execute remote code on user’s PC.

In its post to Security Vulnerability Research and Defense blog, the software giant has notified that it has investigated the reports that appeared on the web last week, and claimed that the reports were “false”.

The investigations were triggered by a report published on the Bugtraq by researcher Laurent Gaffie, and reported a serious vulnerability in Windows Media Player version 9, 10, and 11. 

However, Microsoft acknowledged that the code published on Bugtraq could crash the Windows Media Player, but claimed that it doesn’t affect the system at all.  

Incidentally, Gaffie noted that the vulnerability could enable hackers to create maliciously formed SND, MIDI, and WAV files to compromise PCs with Windows XP and Vista operating systems.

Along with denial, Microsoft has condemned Gaffie for publishing security claims without first addressing it to the company, and expressed its dissatisfaction by saying “If he had, we would’ve done the exact same investigation we just completed”.

Later on Microsoft found that the so called flaw was actually a part of “ongoing code maintenance”, which has already been tackled in its Windows Server 2003 Service Pack 2.

Go To Page 2 for our comments and more related links