Bookmark / Share this TS | Thomas
05-08-2003, 01:08 PM
A flaw exists in the way Windows Media Player 7.1 & Windows Media Player for Windows XP handle the download of skin files. The flaw means that an attacker could force a file masquerading as a skin file into a known location on a user’s machine. This could allow an attacker to place a malicious executable on the system.
In order to exploit this flaw, an attacker would have to host a malicious web site that contained a web page designed to exploit this particular vulnerability & then persuade a user to visit that site – an attacker would have no way to force a user to the site. An attacker could also embed the link in an HTML e-mail & send it to the user.
Affected Software:
Microsoft Windows Media Player 7.1
Microsoft Windows Media Player for Windows XP (Version 8.0)
Patch availability:
Microsoft Windows Media Player 7.1 (http://microsoft.com/downloads/details.aspx?FamilyId=012F143A-77D1-4F6F-9338-5A6332614532&displaylang=en)
Microsoft Windows Media Player for Windows XP (http://microsoft.com/downloads/details.aspx?FamilyId=E311DF50-0633-4100-AB37-D7A68D51182F&displaylang=en) (Version 8.0)
In order to exploit this flaw, an attacker would have to host a malicious web site that contained a web page designed to exploit this particular vulnerability & then persuade a user to visit that site – an attacker would have no way to force a user to the site. An attacker could also embed the link in an HTML e-mail & send it to the user.
Affected Software:
Microsoft Windows Media Player 7.1
Microsoft Windows Media Player for Windows XP (Version 8.0)
Patch availability:
Microsoft Windows Media Player 7.1 (http://microsoft.com/downloads/details.aspx?FamilyId=012F143A-77D1-4F6F-9338-5A6332614532&displaylang=en)
Microsoft Windows Media Player for Windows XP (http://microsoft.com/downloads/details.aspx?FamilyId=E311DF50-0633-4100-AB37-D7A68D51182F&displaylang=en) (Version 8.0)
