|
|
By Dennis Fisher
May 7, 20003
There is a new vulnerability in the ubiquitous Windows Media Player that could enable an attacker to execute code on the machine of a user who downloads a skin for the player.
When users download new skins—or user interfaces—for the Windows Media Player, the files are automatically saved to the player's "Skins" file folder. As protection against some attacks, WMP introduces a random element into the name of the file so that attackers can't guess the exact name of downloaded skins. However, it's possible to get around this measure by inserting a specific character into the URL of the skin.
This flaw allows an attacker to choose the exact download location of the skin, or alternately, a malicious file disguised as a skin. The most likely scenarios for exploiting this vulnerability are an attacker building a Web page specifically designed to carry such malicious files and either luring visitors to the site or sending them the link an HTML mail message.
| |
|
Article continues...
eWEEK |
 | |
Related:
The vulnerability affects WMP 7.0 and WMP for XP, also known as 8.0. The patch
for the flaw is available here.
|
|
|
 |
| "Advisories!: New Flaw Found in Windows Media Player" | Login/Create an Account | 0 comments |
|
| | The comments are owned by the poster. We aren't responsible for their content. |
|
|
|
No Comments Allowed for Anonymous, please register |
|
| |
|
Login |
|
 |
|
|
|
|
· New User? · Click here to create a registered account.
|
|
|
Article Rating |
|
|
|
|
|
|
Average Score: 0
Votes: 0
|
|
|
