An ActiveX control included with Windows Media Player 9 Series allows Web page authors to create Web pages that can play media & provide a user interface by which the user can control playback. When a user visits a Web page with embedded media, the ActiveX control provides a user interface that allows the user to take such actions as pausing or rewinding the media.

A flaw exists in the way in which the ActiveX control provides access to information on the user’s computer. A vulnerability exists because an attacker could invoke the ActiveX control from script code, which would allow the attacker to view & manipulate metadata contained in the media library on the user’s computer.

Affected Software:
Microsoft Windows Media Player 9 Series

Patch availability