[ISN] Win Media Player hole surrenders your machine

From: InfoSec News (isnat_private)
Date: Thu May 24 2001 - 22:07:10 PDT


    http://www.theregister.co.uk/content/6/19164.html
    
    By Thomas C Greene in Washington
    Posted: 24/05/2001 at 06:02 GMT
    
    The Windows Media Player ASX (Active Stream Redirector) processor
    contains an unchecked buffer susceptible to an overrun which could
    enable an attacker to run arbitrary code on a machine with the
    victim's level of permission, a Microsoft security bulletin warns.
    
    Media Player 6.4 and 7.0 are affected; and earlier,
    currently-unsupported versions 'may or may not be,' the company says.
    
    Developing an exploit would require the cobbling together of a
    malicious file which could be circulated via e-mail or linked on a
    malicious Web site. All that remains is to entice the unlucky victim
    to open it. Naming it sororitysuck.asx ought to do the trick here, we
    reckon.
    
    Alternatively, a malicious HTML page could be set up to run an attack
    script automatically when it's viewed.
    
    A second, less destructive, vulnerability could enable an attacker to
    exploit maliciously-crafted shortcuts, which Media Player 6.4 and 7.0
    save to the user's temporary files directory with a known file name.
    
    "It's possible for HTML code to be stored in such a shortcut and
    launched via a Web page or HTML e-mail, in which case the code would
    run in the Local Computer Zone rather than the Internet Zone. An
    attacker could exploit this vulnerability to read - but not add,
    delete or modify - files on another user's computer," the security
    bulletin explains.
    
    Media Player 6.4 users can download a patch to clear up both defects
    here; while 7.0 users can fix their systems by upgrading to 7.1 here.
    
    
    
    


