After the latest update for Comodo Firewall I’ve been getting buffer overflow warnings for Windows Media Player. I’m seeing it on two computers with the same operating systems and security software.
Here’s the Defense+ log entry
19/02/2009 20:15:14 \Device\HarddiskVolume2\Program Files\Windows Media Player\wmplayer.exe Shellcode Injection
Here’s the OS and security software on both machines: Windows XP Home edition, with SP3 and all critical patches. Comodo firewall (surprise ) with Defense + enabled, ESET NOD32 antivirus and SuperAntiSpyware free edition.
(Apologies if I’ve chosen the wrong forum section. It’s a buffer overflow issue, but I’m using Comodo Firewall rather than the standalone Memory Firewall.)
I think this need some sort of investigation to see if it’s a FP or not.
Have you loaded any “strange” codecs or other stuff in there ?
Which version of WMP are we talking about ?
It’s WMP version 11.0.5721.5230 on both computers. I don’t think I’ve installed anything dodgy, and I do regular virus and spyware scans on both machines.
In the machine you can see this behavior, can you pls try with the the other security software uninstalled in order to see if this resolves the alert?
There are 3 possibilitites:
1 - There is a BO in Media Player
2 - There is a BO in one of the components loaded into the memory of Media Player and this component is a p[art of another software(in your case it might be one of the security software you have)
3 - This is a false positive
To help us identify, can you pls try with other security software uninstalled?
We could not reproduce this issue. I am pretty sure this is a genuine buffer overflow alert. But to be sure, can you have an EasyVPN session with me so that i can specifically identify on your computer?