Shellcode injection warnings for Windows Media Player

[Guest]

[Tim Tylor]

After the latest update for Comodo Firewall I've been getting buffer overflow warnings for Windows Media Player. I'm seeing it on two computers with the same operating systems and security software.

Here's the Defense+ log entry
19/02/2009 20:15:14 \Device\HarddiskVolume2\Program Files\Windows Media Player\wmplayer.exe  Shellcode Injection

Here's the OS and security software on both machines: Windows XP Home edition, with SP3 and all critical patches. Comodo firewall (surprise ) with Defense + enabled, ESET NOD32 antivirus and SuperAntiSpyware free edition.

(Apologies if I've chosen the wrong forum section. It's a buffer overflow issue, but I'm using Comodo Firewall rather than the standalone Memory Firewall.)

[Ronny]

I think this need some sort of investigation to see if it's a FP or not.
Have you loaded any "strange" codecs or other stuff in there ?
Which version of WMP are we talking about ?

[Tim Tylor]

It's WMP version 11.0.5721.5230 on both computers. I don't think I've installed anything dodgy, and I do regular virus and spyware scans on both machines.

[egemen]

After the latest update for Comodo Firewall I've been getting buffer overflow warnings for Windows Media Player. I'm seeing it on two computers with the same operating systems and security software.

Here's the Defense+ log entry
19/02/2009 20:15:14 \Device\HarddiskVolume2\Program Files\Windows Media Player\wmplayer.exe  Shellcode Injection

Here's the OS and security software on both machines: Windows XP Home edition, with SP3 and all critical patches. Comodo firewall (surprise ) with Defense + enabled, ESET NOD32 antivirus and SuperAntiSpyware free edition.

(Apologies if I've chosen the wrong forum section. It's a buffer overflow issue, but I'm using Comodo Firewall rather than the standalone Memory Firewall.)

In the machine you can see this behavior, can you pls try with the the other security software uninstalled in order to see if this resolves the alert?

There are 3 possibilitites:

1 - There is a BO in Media Player
2 - There is a BO in one of the components loaded into the memory of Media Player and this component is a p[art of another software(in your case it might be one of the security software you have)
3 - This is a false positive

To help us identify, can you pls try with other security software uninstalled?

Thx,
Egemen

[Tim Tylor]

Sorry for the slow response. I've tried it with the other programs uninstalled, and I still get the warnings.

[Tim Tylor]

Installed the recent Comodo updates, but it's still happening.

[Ronny]

I guess we have to wait for Egemen to see what's next...

[egemen]

We could not reproduce this issue. I am pretty sure this is a genuine buffer overflow alert. But to be sure, can you have an EasyVPN session with me so that i can specifically identify on your computer?

[Tim Tylor]

We could not reproduce this issue. I am pretty sure this is a genuine buffer overflow alert. But to be sure, can you have an EasyVPN session with me so that i can specifically identify on your computer?

Sure, if we can arrange a time. Thanks muchly. 
Update: I've started getting buffer overflow alerts for notepad.exe as well.

[egemen]

Sure, if we can arrange a time. Thanks muchly. 
Update: I've started getting buffer overflow alerts for notepad.exe as well.

Ok please add me to your EasyVPN list. My ID is Egemen. You download COMODO EasyVPN from http://easy-vpn.comodo.com/download.html

Thanks,

Egemen

[Ronny]

That does not sound very good, the notepad stuff that is, Egemen go catch it ;-)

[Tags:]