
by Steven Musil
December 29, 2008 6:20 PM PST
Microsoft on Monday denounced reports that a vulnerability exists in Windows Media Player that would allow for remote code execution. Microsoft said in a company blog post that it had investigated reports that surfaced on the Internet last week and found them to be "false."
The flaw is a "reliability issue with no security risk to customers," the company said on its Security Vulnerability Research & Defense blog. The investigation followed claims published Wednesday on the Bugtraq security mailing list by researcher Laurent Gaffie that a vulnerability existed in Windows Media Player 9, 10, and 11.
Gaffie said the vulnerability would allow a hacker to create a malformed WAV, SND, or MIDI file to compromise a PC running Windows Vista or Windows XP, and included proof-of-concept code he said would allow remote code execution. Along with its denial, Microsoft criticized Gaffie for publishing his claims without first contacting the software giant:
The security researcher making the initial report didn't contact us or work with us directly but instead posted the report along with proof of concept code to a public mailing list. After that report, other organizations picked the report up and claimed that the issue was a code execution vulnerability in Windows Media Player......