From: Secunia Security Advisories (sec-advsecunia.com)
Date: Fri Jul 25 2003 - 07:19:36 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TITLE:
Windows Media Player Interaction with Local Zone

READ ONLINE:
http://www.secunia.com/advisories/9358/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Microsoft Windows Media Player 8.x
Microsoft Windows Media Player 7.x
Microsoft Windows Media Player 6.x

DESCRIPTION:
A vulnerability has been identified in Windows Media Player allowing
malicious people to interact with the Local Zone.

The problem is that ".asf" files are able to interact with the file
system. This could potentially be exploited to place arbitrary files
on the users system.

HTML documents such as web pages and emails may embed media files
like ".asf" files, these may be played automatically (this depends on
your configuration).

This has been reported to affect all versions prior to Windows Media
Player 9.

An example "exploit" has been developed, see "Original Advisory".

SOLUTION:
Upgrade to Windows Media Player 9 or uninstall Windows Media Player.

REPORTED BY / CREDITS:
http-equiv, malware.com

ORIGINAL ADVISORY:
http://www.malware.com/once.again!.html

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]