A flaw exists in the way Windows Media Player 7.1 & Windows Media Player for Windows XP handle the download of skin files. The flaw means that an attacker could force a file masquerading as a skin file into a known location on a user’s machine. This could allow an attacker to place a malicious executable on the system.

In order to exploit this flaw, an attacker would have to host a malicious web site that contained a web page designed to exploit this particular vulnerability & then persuade a user to visit that site – an attacker would have no way to force a user to the site. An attacker could also embed the link in an HTML e-mail & send it to the user.

Affected Software:
Microsoft Windows Media Player 7.1
Microsoft Windows Media Player for Windows XP (Version 8.0)

Patch availability:
Microsoft Windows Media Player 7.1
Microsoft Windows Media Player for Windows XP (Version 8.0)