Microsoft officials strongly denied that the flaw identified in its Windows Media Player software poses security risks for PC users.
The vulnerability in Windows Media Player 9, 10 or 11 on Windows XP or Vista allegedly allowed remote code execution. The flaw was discovered by a security researcher on Christmas Eve (December 24) and posted on SecurityFocus's Bugtraq site.
"We’ve found no possibility for code execution in this issue," the Microsoft Security Response Center blog wrote.
Microsoft Corp. acknowledged that the code posted on Bugtraq does crash Windows Media Player, but said the application can be restarted right away and the crash doesn’t affect the system. The researcher also published proof-of-concept code to the public mailing list.
The researcher, Laurent Gaffie, said the flaw would allow a hacker to create a malformed WAV, SND, or MIDI file to compromise a PC running Windows Vista or Windows XP. Microsoft not only denied the vulnerability, but it also criticized Gaffie for publishing his claims without first contacting the company.
“Those claims are false. We've found no possibility for code execution in this issue. Yes, the proof of concept code does trigger a crash of Windows Media Player, but the application can be restarted right away and doesn't affect the rest of the system,” Microsoft wrote.
Microsoft added that the vulnerability had been identified and corrected in Windows Server 2003 Service Pack 2. Microsoft staff worked during the holidays to investigate the vulnerability discovered by Gaffie and found that it was the same flaw.
© 2007 - 2009 - eFluxMedia