|
Windows Media Player Interaction with Local Zone
|
|
Secunia Advisory:
|
SA9358
|
|
|
Release Date:
|
2003-07-25
|
|
Last Update:
|
2003-07-28
|
|
Popularity:
|
13,673 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Microsoft Windows Media Player 6.x
Microsoft Windows Media Player 7.x
Microsoft Windows Media Player 8.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
Description:
A vulnerability has been identified in Windows Media Player allowing malicious people to interact with the Local Zone.
The problem is that ".asf" files are able to interact with the file system. This could potentially be exploited to place arbitrary files on the users system.
HTML documents such as web pages and emails may embed media files like ".asf" files, these may be played automatically (this depends on your configuration).
This has been reported to affect all versions prior to Windows Media Player 9.
An example "exploit" has been developed, see "Original Advisory".
Solution:
Upgrade to Windows Media Player 9 or uninstall Windows Media Player.
Provided and/or discovered by:
http-equiv, malware.com
Original Advisory:
WARNING: This is a working "exploit":
http://www.malware.com/once.again!.html
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
