CVE-2011-3401

Name of the Vulnerable Software and Affected Versions Windows Media Player versions in Microsoft Windows XP SP2 and SP3, Windows Vista SP2, and Windows 7 Gold and SP1

Description A remote code execution issue exists in the way Windows Media Player and Windows Media Center handle .dvr-ms files. This could allow an attacker to execute arbitrary code if a user is convinced to open a specially crafted .dvr-ms file. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Windows Media Player in Microsoft Windows XP SP2 and SP3, Windows Vista SP2, and Windows 7 Gold and SP1, consider avoiding the use of .dvr-ms files until a patch is available. As a temporary workaround, restrict access to Windows Media Player and Windows Media Center to minimize the risk of exploitation.