Last Thursday, the vulnerability notification service SecurityTracker reported a new vulnerability said to affect Windows Media Player (WMP) 11 and earlier versions.
Though Microsoft disputed the reports, an entry posted by the SANS Internet Storm Center on Saturday stated that when a reader tested proof-of-concept (PoC) code on a fully patched Windows XP Service Pack 3 system, it crashed WMP 9 and 11.
The reported vulnerability could allow execution of arbitrary code if a remote user creates a WAV, SND or MIDI file that, when loaded, triggers an integer overflow.
On its Security Vulnerability Research & Defense blog, Microsoft said that its investigation of the reports circulating on the Internet found them to be "false." According to the company, the flaw is a reliability issue that poses no security risk to customers.
A Microsoft spokesman wrote in an email to SCMagazineUS.com on Monday that Microsoft had investigated the claim and concluded that it is not a product vulnerability. Microsoft added that the issue does not allow an attacker to execute arbitrary code, as the report claimed, because the reported crash is not exploitable.
Mark Loveless, an information security researcher and scientist at the nonprofit research organization MITRE, also said that "the vulnerability causes Windows Media Player to crash, but is probably not exploitable."