also @ TechSpot: Building a Thin Mini-ITX PC: Small and Silent Performance

WMP9 Flaw May Allow Media Library Access

By Thomas McGuire

On June 27, 2003, 7:16 PM

An ActiveX control included with Windows Media Player 9 Series allows Web page authors to create Web pages that can play media & provide a user interface by which the user can control playback. When a user visits a Web page with embedded media, the ActiveX control provides a user interface that allows the user to take such actions as pausing or rewinding the media.

A flaw exists in the way in which the ActiveX control provides access to information on the user’s computer. A vulnerability exists because an attacker could invoke the ActiveX control from script code, which would allow the attacker to view & manipulate metadata contained in the media library on the user’s computer.

Affected Software:
Microsoft Windows Media Player 9 Series

Patch availability

No tags on this story

Post a comment

Post a new comment

Social Login & Guest Posting TechSpot Members
Login here or sign up for free,
it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.
TechSpot on:

Most Popular

Trending Featured
More Trending Topics

Featured on Cameras

Downloads and Drivers

Downloads   Drivers  

1by1 1.79

MKVToolNix 6.2.0

WinDirStat 1.1.2

SketchUp 13.0.3689

MessageMe for Android 1.0.11

More Downloads

Latest Discussion

How did my Windows key become disabled? 15 replies on Other Hardware

Screen saver stop working after installing Norton 12 replies on Software Apps

Need advice on router-buy 5 replies on Storage and Networking

Windows load screen at boot, looong black screen, then normal startup 61 replies on Windows OS

Where should & can I upgrade? 9 replies on Other Hardware

More Recent Discussion

Subscribe to TechSpot

Get free exclusive content, learn about new features and breaking tech news.